Zorba

forbid access to environment variables

Bug #1187692 reported by Sorin Marian Nasoi on 2013-06-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Zorba	New	Undecided	Juan Zacarias

Bug Description

As suggested in F&O spec in the fn:environment-variable section Notes:

"Security advice: Queries from untrusted sources should not be permitted unrestricted access to environment variables. For example, the name of the account under which the query is running may be useful information to a would-be intruder. An implementation may therefore choose to restrict access to the environment, or may provide a facility to make fn:environment-variable always return the empty sequence."

The user should have a way of forbidding access to environment variables, meaning making fn:available-environment-variables function return empty sequence.

The test-cases impacted by this issue are:
- 'fn-available-environment-variables-011' from 'fn-available-environment-variables' test-set
- 'environment-variable-005', 'environment-variable-006', 'environment-variable-007' from 'fn-environment-variable' test-set

Tags:

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.