Safeguarding your environment
This custom property setting helps minimize the risk of malicious acts in your environment.
Configuration property | Default setting | Description |
---|---|---|
disable.spotfire.trust.checks
|
FALSE
|
By default, TERR service checks whether a data function has come from a trusted source. Set toTRUE to not check for the data function trust
status of any data function run on
TERR service.
Warning: Setting this value to
TRUE results in all Spotfire data functions
executing unrestricted. We strongly recommend that you ensure that your service
is fully secured, that engine containers are enabled, and that network access
from the containers is limited (using a firewall) to only necessary servers and
ports.
For more information about script and data function trust, see the Spotfire® Analyst User's Guide and Spotfire® Administration Manager User's Guide. |
terr.restricted.execution.mode
|
TRUE
|
This setting causes each expression sent to
the
TERR engine, running in
TERR service, to be evaluated by the function
>>name>>
as to whether it is a restricted operation. Restricted
execution mode allows executing arbitrary scripts without worrying that the
script could do malicious things, such as deleting files or uploading
confidential data to a server over the internet.
evalREX is fairly conservative, preventing many
operations, while still allowing some useful exceptions. The following shows a
non-exhaustive list of operations disallowed in restricted execution mode.
If such an evaluation is attempted, TERR generates an error, such as "Error: restricted call to Native[tempfile]", and execution of the expression is terminated.
If you need to use any part of the above functionality as part
of your
TERR service deployment, then you can set
For more information about
|