Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/security.rst @ 948:20a369cc2823
security: non privilege user
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Fri, 02 Jun 2023 15:21:48 +0200 |
| parents | 1e0f49aa75f3 |
| children |
comparison
equal
deleted
inserted
replaced
| 947:0b89127439b1 | 948:20a369cc2823 |
|---|---|
| 89 ``ExecuteLuaEnabled`` to its default ``false`` value. | 89 ``ExecuteLuaEnabled`` to its default ``false`` value. |
| 90 | 90 |
| 91 * Ensure that the REST API can not write to the filesystem (e.g. in the | 91 * Ensure that the REST API can not write to the filesystem (e.g. in the |
| 92 ``/instances/../export`` route) by leaving the configuration | 92 ``/instances/../export`` route) by leaving the configuration |
| 93 ``RestApiWriteToFileSystemEnabled`` to its default ``false`` value. | 93 ``RestApiWriteToFileSystemEnabled`` to its default ``false`` value. |
| 94 | |
| 95 * Make sure to run Orthanc as a non-privileged user with read-write access only | |
| 96 for the storage area. | |
| 94 | 97 |
| 95 * Setup rules that define, for each authorized user, which resources | 98 * Setup rules that define, for each authorized user, which resources |
| 96 it can access, and through which HTTP method (GET, POST, DELETE | 99 it can access, and through which HTTP method (GET, POST, DELETE |
| 97 and/or PUT). This can be done by defining a :ref:`filter written in | 100 and/or PUT). This can be done by defining a :ref:`filter written in |
| 98 Lua <lua-filter-rest>`. Here is a sample Lua filter that | 101 Lua <lua-filter-rest>`. Here is a sample Lua filter that |