I'm not a security expert, but I'm pretty sure this application runs the risk of enabling remote code execution. It will only execute code via source(), so any malicious code would need to be written to the server, and the dispatchr server would need to have read access on that location. It seems unlikely that this is actually a vulnerability, but I feel like it's probably a good idea to be concerned.
A simple way to add a little more safety would be to add user authentication. This wouldn't necessarily need to be required, but it should at least be an option. so something like:
I'm not a security expert, but I'm pretty sure this application runs the risk of enabling remote code execution. It will only execute code via
source()
, so any malicious code would need to be written to the server, and the dispatchr server would need to have read access on that location. It seems unlikely that this is actually a vulnerability, but I feel like it's probably a good idea to be concerned.A simple way to add a little more safety would be to add user authentication. This wouldn't necessarily need to be required, but it should at least be an option. so something like: