Mercurial > hg > orthanc-book
changeset 938:84a6892495f6
security
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 21 Apr 2023 09:15:24 +0200 |
parents | b9eb59d73a42 |
children | 6b9bd2520680 dec770139554 |
files | Sphinx/source/faq/security.rst |
diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) |
--- a/Sphinx/source/faq/security.rst Sun Apr 16 17:27:21 2023 +0200 +++ b/Sphinx/source/faq/security.rst Fri Apr 21 09:15:24 2023 +0200 @@ -84,7 +84,14 @@ * Consider turning of the :ref:`embedded WebDAV server <webdav>` by setting configuration option ``WebDavEnabled`` to ``false``. - + +* Ensure that ``/tools/execute-script`` is disabled by leaving the configuration + ``ExecuteLuaEnabled`` to its default ``false`` value. + +* Ensure that the REST API can not write to the filesystem (e.g. in the + ``/instances/../export`` route) by leaving the configuration + ``RestApiWriteToFileSystemEnabled`` to its defualt ``false`` value. + * Setup rules that define, for each authorized user, which resources it can access, and through which HTTP method (GET, POST, DELETE and/or PUT). This can be done by defining a :ref:`filter written in
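Review bot: In the second added bullet, "defualt" is a typo for "default", and "can not" should be "cannot". Both added bullets say "leaving the configuration ... to its default ``false`` value"; "leaving ... at its default" is the idiomatic form, and for someone hardening an existing deployment it would be safer to phrase both as "check that ``ExecuteLuaEnabled`` / ``RestApiWriteToFileSystemEnabled`` is ``false`` (the default)", since an option already set to ``true`` in a configuration file is not corrected by leaving it alone. The route written as ``/instances/../export`` can be misread as a parent-directory path; a placeholder form such as ``/instances/{id}/export`` would be clearer. The first changed line appears to replace one blank line with another, which looks like a whitespace-only change that could be dropped from the commit. The unchanged context line above the new bullets still reads "turning of" for "turning off" and could be fixed in the same change.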