184
edits
Difference between revisions of "SG:Security Issues"
Updated default Trusted Nodes to false - change in 2.x
Lukas Rypl (talk | contribs) m (Added category) |
Tomas Kirnak (talk | contribs) (Updated default Trusted Nodes to false - change in 2.x) |
||
| Line 4: | Line 4: | ||
To prevent such scenario, all NXSL functions capable of accessing NetXMS objects requires "current node" object to be provided. Reference to object being searched will only be returned if node object supplied as "current node" is in trusted nodes list of target object. For example, if variable '''$node''' in script refers to NODE1, and [[NXSL:FindNodeObject|FindNodeObject]]($node, "NODE2") called, NODE1 must be added to list of trusted nodes for NODE2. In most places (transformation script, event processing policy, etc.) predefined variable '''$node''' exists, which refers to node object on behalf of which script is being executed. It will be event source for event processing policy script, DCI owner for transformation script, and so on. | To prevent such scenario, all NXSL functions capable of accessing NetXMS objects requires "current node" object to be provided. Reference to object being searched will only be returned if node object supplied as "current node" is in trusted nodes list of target object. For example, if variable '''$node''' in script refers to NODE1, and [[NXSL:FindNodeObject|FindNodeObject]]($node, "NODE2") called, NODE1 must be added to list of trusted nodes for NODE2. In most places (transformation script, event processing policy, etc.) predefined variable '''$node''' exists, which refers to node object on behalf of which script is being executed. It will be event source for event processing policy script, DCI owner for transformation script, and so on. | ||
For environments where such strict security checks are not required (for example, all users have read access to all nodes), they can be disabled to simplify configuration. Enforcement of trusted nodes checking controlled by server's configuration variable '''CheckTrustedNodes'''. By default it is set to ''' | For environments where such strict security checks are not required (for example, all users have read access to all nodes), they can be disabled to simplify configuration. Enforcement of trusted nodes checking controlled by server's configuration variable '''CheckTrustedNodes'''. By default it is set to '''0''' and check of trusted nodes is not enforced. To enable it, server's configuration variable '''CheckTrustedNodes''' must be set to '''1'''. The server restart is required to make this change effective. | ||
[[Category:Scripting Guide]] | [[Category:Scripting Guide]] | ||