disable.spotfire.trust.checks
|
FALSE
|
By default, TERR service checks whether a data function has come from a trusted source. Set to TRUE to skip the trust status check for every data function run on TERR service.
Warning: Setting this value to TRUE results in all Spotfire data functions executing unrestricted. We strongly recommend that you ensure that your service is fully secured, that engine containers are enabled, and that network access from the containers is limited (using a firewall) to only necessary servers and ports.
For more information about script and data function trust, see the TIBCO Spotfire® Analyst User's Guide and TIBCO Spotfire® Administration Manager User's Guide.
|
terr.restricted.execution.mode
|
TRUE
|
This setting causes each expression sent to the TERR engine, running in the TERR service, to be checked by the function terrUtils::evalREX for restricted operations. Restricted execution mode allows executing arbitrary scripts without worrying that the script could do malicious things, such as deleting files or uploading confidential data to a server over the internet.
evalREX is fairly conservative, preventing many operations, while still allowing some useful exceptions. If a disallowed operation is attempted, TERR generates an error, such as "Error: restricted call to Native[tempfile]", and execution of the expression is terminated. The following is a non-exhaustive list of operations disallowed in restricted execution mode.
- Calling the restricted TERR™ function evalREX itself.
- Performing any I/O to the file system or the internet.
- Loading new packages, except for the libraries included with TERR™ (stats, terrUtils, and so on).
- Spawning new operating system processes (that is, calling system).
- Calling .Call, used to call Rapi code in CRAN packages.
- Calling .C or .Fortran.
- Calling into Java using the terrJava package (which allows executing arbitrary Java methods).
- Calling any functions in the parallel package (which uses terrJava).
- Accessing any function environments in the stack above the call to evalREX using either sys.frame or parent.frame. This prevents malicious code from installing functions or expressions that could be executed after leaving restricted execution mode.
- Changing the variable lookup path by setting parent.env of an environment, or reading or setting the environment of a closure.
- Defining S4 classes and methods using setClass or setMethod.
If you need to use any part of the above functionality as part of your TERR service deployment, then you can set terr.restricted.execution.mode=FALSE. If you change this setting, be sure to review your deployment for additional steps you can take to protect against malicious acts. See "Limiting exposure of your deployment" for more information.
For more information about terrUtils::evalREX, see its help file in the TIBCO® Enterprise Runtime for R Language Reference.
|
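A deployment check for the two properties above, as an added example that is not part of the TIBCO documentation: it computes the effective value of each property (falling back to the documented default when the key is absent) and reports any value that relaxes a default. The Java-properties-style line format, the function names, and the sample contents are assumptions made for this example.

```python
import re
# Documented defaults for the two properties described above.
DEFAULTS = {"disable.spotfire.trust.checks": "FALSE",
            "terr.restricted.execution.mode": "TRUE"}

# Assumption: Java-properties-style lines ('key=value' or 'key: value'),
# '#' or '!' starting a comment, last occurrence of a key winning.
LINE = re.compile(r"^\s*([^#!\s=:][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def effective_settings(text):
    """Return the effective value of each audited property."""
    values = dict(DEFAULTS)
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in values:
            values[m.group(1)] = m.group(2).upper()
    return values


def audit(text):
    """Return findings for values that relax the documented defaults."""
    eff = effective_settings(text)
    trust_off = eff["disable.spotfire.trust.checks"] == "TRUE"
    rex_off = eff["terr.restricted.execution.mode"] == "FALSE"
    findings = []
    if trust_off:
        findings.append("trust checks disabled: data functions run without a trust check")
    if rex_off:
        findings.append("restricted execution mode off: expressions are not screened by evalREX")
    if trust_off and rex_off:
        findings.append("both settings relaxed: review container and firewall isolation")
    for key, val in eff.items():
        if val not in ("TRUE", "FALSE"):
            findings.append(f"{key} has unexpected value {val!r}")
    return findings


# Constructed sample contents, not taken from a real deployment.
SAMPLE = """\
# constructed example
disable.spotfire.trust.checks=true
terr.restricted.execution.mode: FALSE
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["documented defaults in effect"]:
        print(finding)
```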