This is an automated email from the ASF dual-hosted git repository.

jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 49e74fafa Enhance security.md with a note on JDBC connection string 
parameters and their security implications.
49e74fafa is described below

commit 49e74fafa164ffb0199e965328ae41dd036e8088
Author: Jongyoul Lee <jongy...@gmail.com>
AuthorDate: Tue Jul 8 15:30:47 2025 +0900

    Enhance security.md with a note on JDBC connection string parameters and 
their security implications.
---
 security.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security.md b/security.md
index 08aaca070..ebba56684 100644
--- a/security.md
+++ b/security.md
@@ -52,6 +52,8 @@ Zeppelin deployments. Always use the latest available jars 
and ensure that you
 set up Zeppelin on a secure network to stop malicious users gaining access to
 your deployment (see below).
 
+**Note:** The JDBC connection string (URL) can accept a variety of parameters, 
some of which may have significant security implications. In untrusted or 
shared environments, you must carefully review and monitor all parameters 
included in the JDBC URL. Certain parameters can enable features such as 
external network access, file access, or privilege escalation, which may 
introduce security risks. Always ensure that only safe and intended parameters 
are used, and regularly audit connection [...]
+
 ### Zeppelin on Docker
 
 An exception to the above is when the Zeppelin interpreter

Reply via email to