This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git
The following commit(s) were added to refs/heads/master by this push:
new 49e74fafa Enhance security.md with a note on JDBC connection string
parameters and their security implications.
49e74fafa is described below
commit 49e74fafa164ffb0199e965328ae41dd036e8088
Author: Jongyoul Lee <jongy...@gmail.com>
AuthorDate: Tue Jul 8 15:30:47 2025 +0900
Enhance security.md with a note on JDBC connection string parameters and
their security implications.
---
security.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security.md b/security.md
index 08aaca070..ebba56684 100644
--- a/security.md
+++ b/security.md
@@ -52,6 +52,8 @@ Zeppelin deployments. Always use the latest available jars
and ensure that you
set up Zeppelin on a secure network to stop malicious users gaining access to
your deployment (see below).
+**Note:** The JDBC connection string (URL) can accept a variety of parameters,
some of which may have significant security implications. In untrusted or
shared environments, you must carefully review and monitor all parameters
included in the JDBC URL. Certain parameters can enable features such as
external network access, file access, or privilege escalation, which may
introduce security risks. Always ensure that only safe and intended parameters
are used, and regularly audit connection [...]
+
### Zeppelin on Docker
An exception to the above is when the Zeppelin interpreter
