Skip to Main Content
Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Categories Scripting
Created by Guest
Created on Mar 8, 2018

Need capability to restrict the type of iron python and java script operations to be used in spotfire

The existing spotfire license either provides iron python or java script capability or removes completely. We are looking for options to restrict what users can do as part of the iron python or java scripting through spotfire such as

1. Restrict any input output operations through these scripts

2. list of packages or namespaces that can be imported or used in the scripts

  • Attach files
  • Guest
    Reply
    |
    Mar 8, 2018

    To give a bit more context.  The implicit assumption we have been working with for IronPython is that report creators would use such tools for report navigation and more intuitive manipulation and potentially some data side calculation.

    However, we are seeing an increase of users leveraging code on the internet to suggest writing to file system.  In a more extreme case, a user took code from online, where the extractData was written to a temp file on a server in plain text. 

    The user can potentially plead ignorance, and we can warn people not to do it, but it's still an imperfect solution.  Ideally we would like ways to either track or restrict what happens within code while in report.