Security
EngageOne Deliver limits security threats that result from allowing users to enter commands for execution by the server in a Web browser.
- You must have Edit Data Flow permissions to run Data Flow plans, Generate commands, or post-process commands. To minimize security risks, only grant these permissions to users who can run the same commands directly on the servers.
- Commands are only run if they match the patterns specified in
the remoteservice.properties file. An error occurs if the command does not match one of
the remote services on the list.
- Data Flow Example
allowed.command.DFS=sarun,sarun.exe,C:\\PathTo\\Sagent\\sarun.exe,C:\\PathTo\\Sagent\\sarun
EngageOne Deliver parses the command entered in the Edit Data Flow page to check that it starts with one of the items on this list and raises a validation error if there is no match.
- Generate Example
allowed.command.DOC1=doc1gen,doc1gen.exe,doc1emfe,doc1emfe.exe,
C:\\PathTo\\doc1gen.exe,C:\\PathTo\\doc1gen, C:\\PathTo\\doc1emfe.exe,
C:\\PathTo\\doc1emfe,d:\\PathTo\\doc1gen.exe,d:\\PathTo\\doc1gen,d:\\PathTo\\doc1emfe.exe, d:\\PathTo\\doc1emfe
EngageOne Deliver parses the command entered in the Edit EngageOne Designer/Generate Applications page to check that it starts with one of the items on this list and raises a validation error if there is no match.
- Post Process Command Example
allowed.command.postdoc1=perl,perl.exe,php.exe,php,
c:\\perl\\perl.exe,c:\\perl\\perl,c:\\php\\php.exe,c:\\php\\php,*.cmd
- Data Flow Example