Restrict users from using execCommand and logonEscalation | Community
Skip to main content
M
marting66652718
Level 2
March 7, 2024
Solved

Restrict users from using execCommand and logonEscalation

  • March 7, 2024
  • 1 reply
  • 1040 views

Hello, I've been looking through our Adobe Campaign Classic instance and as an ordinary user, I can go into a workflow and run execCommand as well as LogonEscalation to do possible harmful commands to the server application. Is there a good way to restrict ordinary users from using this in a javascript field node?

 

 

 

 

 

 

 

 

 

 

 

 

Thanks in advance,

Martin

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Amine_Abedour

Hello @marting66652718 

 

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

 

Br

1 reply

Amine_Abedour
Community Advisor
Amine_AbedourCommunity AdvisorAccepted solution
Community Advisor
March 7, 2024

Hello @marting66652718 

 

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

 

Br

Amine ABEDOUR
M
marting66652718Author
Level 2
March 7, 2024

Hi, I saw that. But I don't really understand the "User"-part of that XML code.

<exec user="theUnixUser" blacklistFile="/pathtothefile/blacklist"/>

Is that the user that are allowed to use it or what does it mean exactly?

Amine_Abedour
Community Advisor
Amine_AbedourCommunity Advisor
Community Advisor
March 8, 2024

Hi @marting66652718,

 

The user part let you configure a different linux user with what the commands would be executed. Nothing to do with the operators who create/start the javascript with execCommand in them.

 

Br,

Amine ABEDOUR
    Terms & ConditionsAccessibility statement

    Loading footer...