This is an automated email from the ASF dual-hosted git repository. jongyoul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git
The following commit(s) were added to refs/heads/master by this push: new 49e74fafa Enhance security.md with a note on JDBC connection string parameters and their security implications. 49e74fafa is described below commit 49e74fafa164ffb0199e965328ae41dd036e8088 Author: Jongyoul Lee <jongy...@gmail.com> AuthorDate: Tue Jul 8 15:30:47 2025 +0900 Enhance security.md with a note on JDBC connection string parameters and their security implications. --- security.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security.md b/security.md index 08aaca070..ebba56684 100644 --- a/security.md +++ b/security.md @@ -52,6 +52,8 @@ Zeppelin deployments. Always use the latest available jars and ensure that you set up Zeppelin on a secure network to stop malicious users gaining access to your deployment (see below). +**Note:** The JDBC connection string (URL) can accept a variety of parameters, some of which may have significant security implications. In untrusted or shared environments, you must carefully review and monitor all parameters included in the JDBC URL. Certain parameters can enable features such as external network access, file access, or privilege escalation, which may introduce security risks. Always ensure that only safe and intended parameters are used, and regularly audit connection [...] + ### Zeppelin on Docker An exception to the above is when the Zeppelin interpreter