mirror of
https://github.com/Mikaela/Limnoria-doc.git
synced 2024-11-22 20:19:32 +01:00
Document supybot.commands.allowShell.
This commit is contained in:
parent
dfad42bc1c
commit
1af914e452
15
use/security.rst
Normal file → Executable file
15
use/security.rst
Normal file → Executable file
@ -18,8 +18,8 @@ their bot as secure as possible.
|
|||||||
Trust in network operators
|
Trust in network operators
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
As you may know, it is possible to do anything from IRC, including loading
|
As you may know, by default, it is possible to do anything from IRC, including
|
||||||
the Unix plugin and using the `@call` command.
|
loading the Unix plugin and using the `@call` command.
|
||||||
The only safeguard is checking the user calling the commands is authenticated
|
The only safeguard is checking the user calling the commands is authenticated
|
||||||
as the owner of the bot; and network operators are able to spoof hostmasks
|
as the owner of the bot; and network operators are able to spoof hostmasks
|
||||||
and collect your password, thus allowing them to execute commands as the
|
and collect your password, thus allowing them to execute commands as the
|
||||||
@ -28,6 +28,15 @@ owner.
|
|||||||
Although network operators of most well-known IRC networks are not known to
|
Although network operators of most well-known IRC networks are not known to
|
||||||
do that, you should be aware of that risk.
|
do that, you should be aware of that risk.
|
||||||
|
|
||||||
|
Starting on commit `4f6a5e7db`_ (version 2017.10.01), there is a new
|
||||||
|
configuration variable, `supybot.commands.allowShell`, to prevent malicious
|
||||||
|
network operators from getting shell access on your bot's computer.
|
||||||
|
It defaults to `True` to make it easy for new users to install plugins using
|
||||||
|
PluginDownloader, but it is recommended you set it to `False` if you do not
|
||||||
|
care about that feature.
|
||||||
|
|
||||||
|
.. _4f6a5e7db: https://github.com/ProgVal/Limnoria/commit/4f6a5e7db
|
||||||
|
|
||||||
|
|
||||||
.. _security-ssl:
|
.. _security-ssl:
|
||||||
|
|
||||||
@ -59,7 +68,7 @@ Certificate validation in Limnoria
|
|||||||
|
|
||||||
Until version 2016.02.24, Limnoria did not support certificate validation.
|
Until version 2016.02.24, Limnoria did not support certificate validation.
|
||||||
Starting from this version, it is possible, but disabled by default, in order
|
Starting from this version, it is possible, but disabled by default, in order
|
||||||
to not break existing bot when updating.
|
to not break existing bots when updating.
|
||||||
|
|
||||||
Certificate validation can be enabled using this command::
|
Certificate validation can be enabled using this command::
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user