Adobe Campaign Classic v7 & Campaign v8

marting66652718 · 06.03.24

Hello, I've been looking through our Adobe Campaign Classic instance and as an ordinary user, I can go into a workflow and run execCommand as well as LogonEscalation to do possible harmful commands to the server application. Is there a good way to restrict ordinary users from using this in a javascript field node?

Thanks in advance,

Martin

Amine_Abedour · 07.03.24

Hello @marting66652718

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

Br

Amine ABEDOUR

Lösung in ursprünglichem Beitrag anzeigen

Amine_Abedour · 07.03.24

Hello @marting66652718

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

Br

Amine ABEDOUR

marting66652718 · 07.03.24

Hi, I saw that. But I don't really understand the "User"-part of that XML code.

<exec user="theUnixUser" blacklistFile="/pathtothefile/blacklist"/>

Is that the user that are allowed to use it or what does it mean exactly?

Amine_Abedour · 08.03.24

Hi @marting66652718,

The user part let you configure a different linux user with what the commands would be executed. Nothing to do with the operators who create/start the javascript with execCommand in them.

Br,

Amine ABEDOUR

Adobe Campaign Classic v7 & Campaign v8

Restrict users from using execCommand and logonEscalation

Lernressourcen

Dokumentation

Events

Community

Support

Ressourcen

Adobe-Konto

Adobe