Protect JNDI Data Sources

Unless specific steps are taken, a user in EDQ can set up a data store with a reference to the JNDI name of any existing data source and then access data in these schemas, which can contain very sensitive information. To protect JNDI data sources in EDQ, specify the names (or regular expressions matching the names) in director.properties:

protected.jndi.datasources = <space separated list of JNDI names>

For example:

protected.jndi.datasources = jdbc/edqconfig jdbc/edqresults

The property is a space-separated list of regexes so you could also use:

protected.jndi.datasources = jdbc/edq.*

Note:

When setting this value in the local director.properties, always include the default setting from the base properties file. This setting prevents access to the WebLogic internal data sources as well as the EDQ data sources.