In the WEB-INF/Configuration.xml file, it is possible to configure some additional security settings for the Management Console.

The security configuration section of the file looks like this:

            <bean id="securityConfiguration" class="">
                <property name="allowScriptExecution" value="false"/>
                <property name="jdbcDriverUpload" value="LOCALHOST"/>

It contains two security settings which are described below.

As part of a schedule, a user may configure a script that is used for Pre/Post processing, e.g. before/after any robots in the schedule are executed. These scripts must be located on the Management Console computer's file system. For security reasons, the running of external scripts is disabled by default. To allow external scripts to execute, you should change the value of the allowScriptExecution property to true.

If you use a pre/post-processing script in a schedule, and scripts are disabled by the administrator, the schedule will fail immediately with the following message Scripts have been disabled by the administrator. without executing any robots. Users can save schedules with pre/post-processing scripts even if the feature is disabled. NB: Even if external scripts are disabled, you can still use the pseudo script command "runrobot: test.robot" as part of pre/post-processing.

By default, only the admin user when accessing the Management Console from the localhost is allowed to upload JDBC drivers. To change this behavior, modify the jdbcDriverUpload property. The following are the possible values, the property can have: