Restrictions

You can specify whether the RoboServer is allowed file system and command line access. By default, this is not allowed. If you enable it, however, robots running on RoboServer are allowed to access the file system and, using the Execute Command Line step, execute arbitrary commands on the machine running RoboServer. WARNING: enabling file system and command line access IS a security risk, and you should carefully consider if it is necessary. If you do enable it, you should make sure the machine is not accessible from outside the local network, and/or you should require user authentication. Having a RoboServer with file system and command line access running on a machine accessible from the Internet and not requiring authentication, basically opens up the machine to the outside, and anyone can, for instance, modify the file system in a way corresponding with the access rights of the user running RoboServer.

You can also disable accepting JDBC drivers from the Management Console. When activating RoboServers, the Management Console also sends settings to them. By default, this includes any JDBC drivers that have been uploaded to the Management Console. If a malicious user has gained administrator access to the Management Console, he could upload equally malicious jar files which would then be sent to the RoboServers. If the admin Management Console user is only allowed to upload JDBC drivers from the localhost, the above would only happen if the attacker is in fact sitting in front of the machine running the Management Console, or has gained access to, for instance, a VPN (in which case you probably have bigger problems), so in general it should not be necessary to disable accepting JDBC drivers. If you do, however, you can make JDBC drivers available to the RoboServer by manually putting them into the lib/jdbc directory of the installation folder as described here.