Adobe Campaign Classic v7 & Campaign v8

marting66652718 · 3/6/24

Hello, I've been looking through our Adobe Campaign Classic instance and as an ordinary user, I can go into a workflow and run execCommand as well as LogonEscalation to do possible harmful commands to the server application. Is there a good way to restrict ordinary users from using this in a javascript field node?

Thanks in advance,

Martin

Amine_Abedour · 3/7/24

Hello @marting66652718

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

Br

Amine ABEDOUR

View solution in original post

Amine_Abedour · 3/7/24

Hello @marting66652718

For the execCommand part, you can blacklist harmful commands. Please check this documentation.

Br

Amine ABEDOUR

marting66652718 · 3/7/24

Hi, I saw that. But I don't really understand the "User"-part of that XML code.

<exec user="theUnixUser" blacklistFile="/pathtothefile/blacklist"/>

Is that the user that are allowed to use it or what does it mean exactly?

Amine_Abedour · 3/8/24

Hi @marting66652718,

The user part let you configure a different linux user with what the commands would be executed. Nothing to do with the operators who create/start the javascript with execCommand in them.

Br,

Amine ABEDOUR

Adobe Campaign Classic v7 & Campaign v8

Restrict users from using execCommand and logonEscalation

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe