Advanced Troubleshooting
Sometimes you need to really see what OliveTin is doing, especially when debugging entities. OliveTin has several built-in options for advanced troubleshooting, but enabling these output options can expose sensitive information, so they can be insecure.
OliveTin itself is not "insecure" by using these options, they would not let attackers execute different commands or anything like that. It’s just that using these options can expose data (like entity files) that maybe you don’t want an attacker to see. |
All these configuration options are false
by default, and should be deleted from the config or reset back to false
when you are not using them.
Dump SOS Reports
InsecureAllowDumpSos: true
- will allow dumping SOS Reports as plain text when visiting http://server:1337/api/sosreport
Dump Action Map
InsecureAllowDumpActionMap: true
- will allow dumping all the actions (and those generated with entities) and their public IDs, eg: http://server:1337/api/DumpActionMap
Dump Vars
InsecureAllowDumpVars: true
- will allow dumping all the "string variables" from a map that is mainly used for entities, eg: http://server:1337/api/DumpVars