function.service.whitelist

The property function.service.whitelist provides the means to specify the functions that can run on Spotfire Statistics Services. Applies to any of the tested statistical engine types in your Spotfire Statistics Services installation when Spotfire calls a data function using SpotfireConnector/execSpotfireAnalytic.

Property Name	Default Value	Property Description
`function.service.whitelist`	`SpotfireConnector/execSpotfireAnalytic`	This option provides the means to limit which functions can be called using the Function Service API to run on Spotfire Statistics Services. If `function.service.whitelist` is not given, or if it is empty, then it is the same as the default, accepting only `SpotfireConnector` and `execSpotfireAnalytic`, so Spotfire data functions can run. If `function.service.whitelist` is none, then no functions are permitted. If `function.service.whitelist` is set to ``, then all functions are permitted. The default value is a function used only for data functions that are sent to Spotfire Statistics Services from Spotfire. You can set the value to a string with one or more `package/function` patterns, separated by commas. Each pattern is a Java-style regex string. It can use `` to match anything. Example: The whitelist `rnorm,stats/rn.,/aa` allows the following. The function `rnorm` in any package. Any function starting with `rn`, followed by any characters, in the stats package. The function `aa` in any package. Important: If you are using the TERR engine, then any function that is accepted by this whitelist is also evaluated by the property `terr.restricted.execution.mode` if it is set to `true` (the default). If a function is determined to engage in potentially malicious behavior, then the function fails when it tries to perform a restricted operation, unless you change `terr.restricted.execution.mode` to `false`. (Applies only if you are using the TERR engine. For more information, and a non-exhaustive list of the types of behavior not permitted when `terr.restricted.execution.mode=true`, see its help. See Recommendations for safeguarding your environment for more information.

Property Name

Default Value

Property Description

function.service.whitelist

SpotfireConnector/execSpotfireAnalytic

This option provides the means to limit which functions can be called using the Function Service API to run on Spotfire Statistics Services.

If function.service.whitelist is not given, or if it is empty, then it is the same as the default, accepting only SpotfireConnector and execSpotfireAnalytic, so Spotfire data functions can run.
If function.service.whitelist is none, then no functions are permitted.
If function.service.whitelist is set to *, then all functions are permitted.

The default value is a function used only for data functions that are sent to Spotfire Statistics Services from Spotfire.

You can set the value to a string with one or more package/function patterns, separated by commas. Each pattern is a Java-style regex string. It can use * to match anything.

Example:

The whitelist rnorm,stats/rn.*,*/aa allows the following.

The function rnorm in any package.
Any function starting with rn, followed by any characters, in the stats package.
The function aa in any package.

Important: If you are using the TERR engine, then any function that is accepted by this whitelist is also evaluated by the property terr.restricted.execution.mode if it is set to true (the default). If a function is determined to engage in potentially malicious behavior, then the function fails when it tries to perform a restricted operation, unless you change terr.restricted.execution.mode to false. (Applies only if you are using the TERR engine.

For more information, and a non-exhaustive list of the types of behavior not permitted when terr.restricted.execution.mode=true, see its help.

See Recommendations for safeguarding your environment for more information.

Contents

Index

Search Results

function.service.whitelist