Hello, I've been looking through our Adobe Campaign Classic instance and as an ordinary user, I can go into a workflow and run execCommand as well as LogonEscalation to do possible harmful commands to the server application. Is there a good way to restrict ordinary users from using this in a javascript field node?
Thanks in advance,
Martin
Solved! Go to Solution.
Views
Replies
Total Likes
Hello @marting66652718
For the execCommand part, you can blacklist harmful commands. Please check this documentation.
Br
Views
Replies
Total Likes
Hello @marting66652718
For the execCommand part, you can blacklist harmful commands. Please check this documentation.
Br
Views
Replies
Total Likes
Hi, I saw that. But I don't really understand the "User"-part of that XML code.
<exec user="theUnixUser" blacklistFile="/pathtothefile/blacklist"/>
Is that the user that are allowed to use it or what does it mean exactly?
Views
Replies
Total Likes
Hi @marting66652718,
The user part let you configure a different linux user with what the commands would be executed. Nothing to do with the operators who create/start the javascript with execCommand in them.
Br,
Views
Likes
Replies