# HG changeset patch # User Alain Mazy # Date 1682490935 -7200 # Node ID 1e0f49aa75f3e21c7349847ed79d6178ecdff98b # Parent e5bfa890c2650ffb03d5832b350baf918f7a2817 security diff -r e5bfa890c265 -r 1e0f49aa75f3 Sphinx/source/faq/security.rst --- a/Sphinx/source/faq/security.rst Mon Apr 24 11:35:14 2023 +0200 +++ b/Sphinx/source/faq/security.rst Wed Apr 26 08:35:35 2023 +0200 @@ -114,9 +114,11 @@ end Very importantly, make sure to protect ``POST`` access to the - ``/tools/execute-script`` URI. This URI can indeed be used by a - malicious user to execute any system command on the computer as the - user that runs Orthanc. + ``/tools/execute-script`` and ``/instances/../export`` URIs. + The first URI can indeed be used by a malicious user to execute any + system command on the computer as the user that runs Orthanc. The second + URI can be used by a malicious user to overwrite system files possibly + with malicious DICOM files that may lead to execution of system commands. * Consider implementing a :ref:`higher-level application ` (e.g. in PHP, Java, Django...) that takes
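Review bot: In the added ``+`` lines the placeholder ``/instances/../export`` is ambiguous, since ``..`` reads as a path-traversal segment rather than as an instance identifier; write it the way the rest of the page names parameterised routes, for example ``/instances/<id>/export``, so readers do not protect the wrong path. The new sentence "overwrite system files possibly with malicious DICOM files that may lead to execution of system commands" is also loosely worded: the risk this hunk is documenting is that a client can choose the destination path of the exported file, so state that directly, e.g. "The second URI lets a client write a DICOM file to an arbitrary path on the server's filesystem, which can overwrite system files", and keep the follow-on consequence as a separate clause. Finally, the paragraph says "protect ``POST`` access" for both URIs; if the export endpoint is reached with a different verb, name it here so the access rule is complete.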