EMSE Security Control

Topics:

EMSE Security Control methods

These methods are available for the EMSE Security Control:

  • writeToFile and deleteFile - In the ServerConfig.properties file, the configuration property av.emse.file.path={EMSE file path on application server} restricts access to the server for these methods.
  • newInstance - The EMSESecurityConfig.properties file contains a black list that restricts the class instances created by this method.
Note: The EMSE Security Control overrides the behavior of existing EMSE scripts that call the writeToFile, deleteFile, and/or newInstance methods.

Configure EMSE Security Control

  1. On the application server, go to \av.biz\conf\av\ and open the ServerConfig.properties file.
  2. Add this code, or check that the path includes the correct location of your EMSE script folder: av.emse.file.path={EMSE file path on application server}

    This defines the file path on the server that the writeToFile method adds files to or the deleteFile method deletes files from.

    Example: To set the file path as D:\emse\temp, add this code:

    # UtilScript file path

    av.emse.file.path=D:\emse\temp

  3. Go to \av.biz\conf\av\ and open the EMSESecurityConfig.properties file, or create the file (this file name is case sensitive).
  4. Add classes to this code in the EMSESecurityConfig.properties file:

    emse.class.blacklist={class #1, class#2,...}

    Example: Adding java.lang.ProcessBuilder, java.lang.Runtime blocks those classes from modifying instances. These two classes are the default for the blacklist.
  5. Restart the server for the changes to take effect.