From 63ffac81de81ac533ad969bc5ebf4174b49d1195 Mon Sep 17 00:00:00 2001 From: Dominik Gresch Date: Mon, 2 Dec 2024 13:26:43 +0100 Subject: [PATCH] Adapt security considerations to mention auto-transfer mode --- doc/source/user_guide/security_considerations.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/source/user_guide/security_considerations.rst b/doc/source/user_guide/security_considerations.rst index 220b32ab3d..a2b1fcd5a6 100644 --- a/doc/source/user_guide/security_considerations.rst +++ b/doc/source/user_guide/security_considerations.rst @@ -62,6 +62,8 @@ File up- and downloads The :py:meth:`.ACPInstance.upload_file` and :py:meth:`.ACPInstance.download_file` methods create files on the local or remote machine, without any validation of the file content or path. +The same is true for file load / save methods if the ``auto_transfer_files`` parameter is set to +``True`` in :func:`.launch_acp`. When exposing these methods to untrusted users, it is important to validate that only files that are safe to be uploaded or downloaded are processed.
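Review bot: The two added lines in the "File up- and downloads" hunk refer to "file load / save methods" without naming them, while the sentence just above identifies `ACPInstance.upload_file` and `ACPInstance.download_file` through `:py:meth:` roles. Suggest naming or cross-referencing the affected load / save methods in the same way, and stating what `auto_transfer_files` defaults to in `launch_acp`, so a reader can tell whether the missing content and path validation applies without any opt-in. The unchanged context sentence that follows ("When exposing these methods to untrusted users, ...") now has to cover the load / save methods as well, so "these methods" would be clearer if it were reworded to say so explicitly. As a style point, the new text uses `:func:` where the surrounding lines use the `:py:`-prefixed form (`:py:meth:`); `:py:func:` would be consistent.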