forbid access to environment variables
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zorba |
New
|
Undecided
|
Juan Zacarias |
Bug Description
As suggested in F&O spec in the fn:environment-
"Security advice: Queries from untrusted sources should not be permitted unrestricted access to environment variables. For example, the name of the account under which the query is running may be useful information to a would-be intruder. An implementation may therefore choose to restrict access to the environment, or may provide a facility to make fn:environment-
The user should have a way of forbidding access to environment variables, meaning making fn:available-
The test-cases impacted by this issue are:
- 'fn-available-
- 'environment-