Safeguarding your environment

This custom property setting helps minimize the risk of malicious acts in your environment.

Configuration property	Default setting	Description
`disable.spotfire.trust.checks`	`FALSE`	By default, TERR service checks whether a data function has come from a trusted source. Set to `TRUE` to not check for the data function trust status of any data function run on TERR service. Warning: Setting this value to `TRUE` results in all Spotfire data functions executing unrestricted. We strongly recommend that you ensure that your service is fully secured, that engine containers are enabled, and that network access from the containers is limited (using a firewall) to only necessary servers and ports. For more information about script and data function trust, see the TIBCO Spotfire® Analyst User's Guide and TIBCO Spotfire® Administration Manager User's Guide.
`terr.restricted.execution.mode`	`TRUE`	This setting causes each expression sent to the TERR engine, running in the TERR service, to be evaluated by the function `terrUtils::evalREX` as to whether it is a restricted operation. Restricted execution mode allows executing arbitrary scripts without worrying that the script could do malicious things, such as deleting files or uploading confidential data to a server over the internet. `evalREX` is fairly conservative, preventing many operations, while still allowing some useful exceptions. The following shows a non-exhaustive list of operations disallowed in restricted execution mode. If such an evaluation is attempted, TERR generates an error, such as `"Error: restricted call to Native[tempfile]"`, and execution of the expression is terminated. Calling the restricted TERR™ function `evalREX` itself. Performing any I/O to the file system or the internet. Loading new packages, except for the libraries included with TERR™ (stats, terrUtils, and so on). Spawning new operating system processes (that is, calling `system`). Calling `.Call`, used to call Rapi code in CRAN packages. Calling `.C` or `.Fortran`. Calling into Java using the terrJava package (which allows executing arbitrary Java methods). Calling any functions in the parallel package (which uses terrJava). Accessing any function environments in the stack above the call to `evalREX` using either `sys.frame` or `parent.frame`. This prevents malicious code from installing functions or expressions that could be executed after leaving restricted execution mode. Changing the variable lookup path by setting `parent.env` of an environment, or reading or setting the environment of a closure. Defining S4 classes and methods using `setClass` or `setMethod`. If you need to use any part of the above functionality as part of your TERR service deployment, then you can set `terr.restricted.execution.mode=FALSE`. If you change this setting, be sure to review your deployment for additional steps you can take to ensure against malicious acts. See Limiting exposure of your deployment for more information. For more information about `terrUtils::evalREX`, see its help file in the TIBCO® Enterprise Runtime for R Language Reference.

Configuration property

Default setting

Description

disable.spotfire.trust.checks

FALSE

By default, TERR service checks whether a data function has come from a trusted source.

Set to TRUE to not check for the data function trust status of any data function run on TERR service.

Warning: Setting this value to TRUE results in all Spotfire data functions executing unrestricted. We strongly recommend that you ensure that your service is fully secured, that engine containers are enabled, and that network access from the containers is limited (using a firewall) to only necessary servers and ports.

For more information about script and data function trust, see the TIBCO Spotfire® Analyst User's Guide and TIBCO Spotfire® Administration Manager User's Guide.

terr.restricted.execution.mode

TRUE

This setting causes each expression sent to the TERR engine, running in the TERR service, to be evaluated by the function terrUtils::evalREX as to whether it is a restricted operation. Restricted execution mode allows executing arbitrary scripts without worrying that the script could do malicious things, such as deleting files or uploading confidential data to a server over the internet. evalREX is fairly conservative, preventing many operations, while still allowing some useful exceptions. The following shows a non-exhaustive list of operations disallowed in restricted execution mode.

If such an evaluation is attempted, TERR generates an error, such as "Error: restricted call to Native[tempfile]", and execution of the expression is terminated.

Calling the restricted TERR™ function evalREX itself.
Performing any I/O to the file system or the internet.
Loading new packages, except for the libraries included with TERR™ (stats, terrUtils, and so on).
Spawning new operating system processes (that is, calling system).
Calling .Call, used to call Rapi code in CRAN packages.
Calling .C or .Fortran.
Calling into Java using the terrJava package (which allows executing arbitrary Java methods).
Calling any functions in the parallel package (which uses terrJava).
Accessing any function environments in the stack above the call to evalREX using either sys.frame or parent.frame. This prevents malicious code from installing functions or expressions that could be executed after leaving restricted execution mode.
Changing the variable lookup path by setting parent.env of an environment, or reading or setting the environment of a closure.
Defining S4 classes and methods using setClass or setMethod.

If you need to use any part of the above functionality as part of your TERR service deployment, then you can set terr.restricted.execution.mode=FALSE. If you change this setting, be sure to review your deployment for additional steps you can take to ensure against malicious acts. See Limiting exposure of your deployment for more information.

For more information about terrUtils::evalREX, see its help file in the TIBCO® Enterprise Runtime for R Language Reference.

Related reference

Package library location

Manage Java options

Logging level

File size upload limit

Containerized configuration

Contents

Index

Search Results

Safeguarding your environment