# HG changeset patch # User Alain Mazy # Date 1682061324 -7200 # Node ID 84a6892495f6ca93246e4575005812caa8b205cc # Parent b9eb59d73a420b13177322ceb114416970724335 security diff -r b9eb59d73a42 -r 84a6892495f6 Sphinx/source/faq/security.rst --- a/Sphinx/source/faq/security.rst Sun Apr 16 17:27:21 2023 +0200 +++ b/Sphinx/source/faq/security.rst Fri Apr 21 09:15:24 2023 +0200 @@ -84,7 +84,14 @@ * Consider turning of the :ref:`embedded WebDAV server ` by setting configuration option ``WebDavEnabled`` to ``false``. - + +* Ensure that ``/tools/execute-script`` is disabled by leaving the configuration + ``ExecuteLuaEnabled`` to its default ``false`` value. + +* Ensure that the REST API can not write to the filesystem (e.g. in the + ``/instances/../export`` route) by leaving the configuration + ``RestApiWriteToFileSystemEnabled`` to its defualt ``false`` value. + * Setup rules that define, for each authorized user, which resources it can access, and through which HTTP method (GET, POST, DELETE and/or PUT). This can be done by defining a :ref:`filter written in
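Review bot: "defualt" in the added ``RestApiWriteToFileSystemEnabled`` bullet is a typo and should be "default". Both new bullets say "leaving the configuration ``...`` to its default ``false`` value". Consider "leaving the configuration option ``...`` at its default ``false`` value", which matches the "configuration option ``WebDavEnabled``" wording of the bullet just above. In the second bullet the route is written ``/instances/../export``. The two dots read like a parent-directory path segment, so if they stand for an instance identifier, a placeholder form would be less ambiguous. The first changed line of the hunk appears to alter only whitespace on a blank line and could be dropped from the change. The commit message "security" does not say that two hardening items were added to the FAQ, and a more descriptive summary would help when reading the history.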