35
edits
Difference between revisions of "SG:Security Issues"
no edit summary
Tomas Kirnak (talk | contribs) (Updated default Trusted Nodes to false - change in 2.x) |
|||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:Security Issues}} | {{DISPLAYTITLE:Security Issues}} | ||
{| style="border-spacing: 20px; border: 20px solid red;" | |||
| | |||
'''WARNING''': This page is no longer updated. Please visit '''[https://www.netxms.org/documentation/nxsl-latest/ NetXMS Scripting Language]''' for current version of the documentation. | |||
|} | |||
Because NXSL provides functions for searching objects, and because all scripts are executed on management server, user with write access to only one node can potentially acquire information about nodes to which he normally does not have access. For example, without additional security checks user with write access to node A and no access to node B can create transformation script for DCI on node A and use [[NXSL:FindNodeObject|FindNodeObject]] function to access node B and get information about it, thus breaking security settings. | Because NXSL provides functions for searching objects, and because all scripts are executed on management server, user with write access to only one node can potentially acquire information about nodes to which he normally does not have access. For example, without additional security checks user with write access to node A and no access to node B can create transformation script for DCI on node A and use [[NXSL:FindNodeObject|FindNodeObject]] function to access node B and get information about it, thus breaking security settings. | ||