Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/security.rst @ 948:20a369cc2823
security: non privilege user
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 02 Jun 2023 15:21:48 +0200 |
parents | 1e0f49aa75f3 |
children |
comparison
equal
deleted
inserted
replaced
947:0b89127439b1 | 948:20a369cc2823 |
---|---|
89 ``ExecuteLuaEnabled`` to its default ``false`` value. | 89 ``ExecuteLuaEnabled`` to its default ``false`` value. |
90 | 90 |
91 * Ensure that the REST API can not write to the filesystem (e.g. in the | 91 * Ensure that the REST API can not write to the filesystem (e.g. in the |
92 ``/instances/../export`` route) by leaving the configuration | 92 ``/instances/../export`` route) by leaving the configuration |
93 ``RestApiWriteToFileSystemEnabled`` to its default ``false`` value. | 93 ``RestApiWriteToFileSystemEnabled`` to its default ``false`` value. |
94 | |
95 * Make sure to run Orthanc as a non-privileged user with read-write access only | |
96 for the storage area. | |
94 | 97 |
95 * Setup rules that define, for each authorized user, which resources | 98 * Setup rules that define, for each authorized user, which resources |
96 it can access, and through which HTTP method (GET, POST, DELETE | 99 it can access, and through which HTTP method (GET, POST, DELETE |
97 and/or PUT). This can be done by defining a :ref:`filter written in | 100 and/or PUT). This can be done by defining a :ref:`filter written in |
98 Lua <lua-filter-rest>`. Here is a sample Lua filter that | 101 Lua <lua-filter-rest>`. Here is a sample Lua filter that |