EMSE Security Control filter
Overview
This release introduces a security filter for the EMSE engine. Previously a white list was used on the av.emse.security control in the BIZ ServerConfig.properties file. This is now a black list that blocks (by default) the classes java.lang.ProcessBuilder and java.lang.Runtime.
EMSE Security Control methods
These methods are available for the EMSE Security Control:
- writeToFile
- deleteFile
In the ServerConfig.properties file, the configuration property
av.emse.file.path={EMSE file path on application server}
restricts access to the server for these methods.
Note: The EMSE Security Control overrides the behavior of existing EMSE scripts that
call these two methods.
Configure EMSE Security Control
Follow these steps for each BIZ server individually.
- On the application server, go to \av.biz\conf\av\ and open the ServerConfig.properties file.
- Verify this entry exists and is enabled (set to true):
av.emse.security=true
- Check that the path includes the correct location of your EMSE script folder:
av.emse.file.path={EMSE file path on application server}
Example: To set the file path as D:\emse\temp, add this code:
av.emse.file.path=D:\emse\temp
- Go to \av.biz\conf\av\ and open the EMSESecurityConfig.properties file, or create the file (this file name is case sensitive).
- Add classes to this code in the EMSESecurityConfig.properties file:
emse.class.blacklist={class #1, class#2,...}
Example: Adding
emse.class.blacklist=java.lang.ProcessBuilder, java.lang.Runtime
blocks those classes from modifying instances. These two classes are the default for the blacklist.
- Restart the server for the changes to take effect.
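The following audit script is an added example, not part of the product or its documentation. It checks the settings from the steps above on the text of both files. It assumes the files are plain key=value lines, and it treats an explicit emse.class.blacklist that omits a default class as a finding, because this page does not say whether the defaults are merged with a custom list. The function names and sample values are constructed for illustration.

```python
# Added example: audit the EMSE security settings described on this page.
# Assumption: both files are simple key=value lines; '#' or '!' starts a comment.
DEFAULT_BLOCKED = {"java.lang.ProcessBuilder", "java.lang.Runtime"}
SECURITY_FILE = "EMSESecurityConfig.properties"  # name is case sensitive


def parse_properties(text):
    """Return {key: value} from key=value lines, ignoring blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(server_cfg, security_cfg, conf_dir_names):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    server = parse_properties(server_cfg)
    if server.get("av.emse.security", "").lower() != "true":
        findings.append("av.emse.security is not set to true")
    path = server.get("av.emse.file.path", "")
    if not path or path.startswith("{"):
        findings.append("av.emse.file.path is missing or still a placeholder")
    # The page says this file name is case sensitive, so flag near-miss names.
    if SECURITY_FILE not in conf_dir_names:
        wrong = [n for n in conf_dir_names if n.lower() == SECURITY_FILE.lower()]
        if wrong:
            findings.append(f"{wrong[0]} should be named {SECURITY_FILE}")
        return findings
    raw = parse_properties(security_cfg).get("emse.class.blacklist")
    if raw is not None:
        listed = {c.strip() for c in raw.split(",") if c.strip()}
        for cls in sorted(DEFAULT_BLOCKED - listed):
            findings.append(f"emse.class.blacklist omits default class {cls}")
    return findings


# Constructed sample input (not taken from a real server).
SERVER_CFG = "av.emse.security=true\nav.emse.file.path=D:\\emse\\temp\n"
WEAK_SECURITY_CFG = "emse.class.blacklist=java.lang.ProcessBuilder\n"
GOOD_SECURITY_CFG = "emse.class.blacklist=java.lang.ProcessBuilder, java.lang.Runtime\n"

if __name__ == "__main__":
    for cfg in (WEAK_SECURITY_CFG, GOOD_SECURITY_CFG):
        print(audit(SERVER_CFG, cfg, ["ServerConfig.properties", SECURITY_FILE]) or "OK")
```

Run it against each BIZ server's \av.biz\conf\av\ folder by passing the two files' contents and the folder's file names, since the settings are configured per server.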