changeset 938:84a6892495f6

security
author Alain Mazy <am@osimis.io>
date Fri, 21 Apr 2023 09:15:24 +0200
parents b9eb59d73a42
children 6b9bd2520680 dec770139554
files Sphinx/source/faq/security.rst
diffstat 1 files changed, 8 insertions(+), 1 deletions(-) [+]
line diff
--- a/Sphinx/source/faq/security.rst	Sun Apr 16 17:27:21 2023 +0200
+++ b/Sphinx/source/faq/security.rst	Fri Apr 21 09:15:24 2023 +0200
@@ -84,7 +84,14 @@
 
 * Consider turning of the :ref:`embedded WebDAV server <webdav>` by
   setting configuration option ``WebDavEnabled`` to ``false``.
-  
+
+* Ensure that ``/tools/execute-script`` is disabled by leaving the configuration
+  ``ExecuteLuaEnabled`` to its default ``false`` value.
+
+* Ensure that the REST API can not write to the filesystem (e.g. in the
+  ``/instances/../export`` route) by leaving the configuration
+  ``RestApiWriteToFileSystemEnabled`` to its defualt ``false`` value.
+
 * Setup rules that define, for each authorized user, which resources
   it can access, and through which HTTP method (GET, POST, DELETE
   and/or PUT). This can be done by defining a :ref:`filter written in