Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable Eval #2803

Closed
Sasiko opened this issue Jun 2, 2020 · 4 comments
Closed

Disable Eval #2803

Sasiko opened this issue Jun 2, 2020 · 4 comments
Labels
approved config suggestion New config option

Comments

@Sasiko
Copy link

Sasiko commented Jun 2, 2020

Option to disable eval on .env

This is important, especially when you dont want to use eval and account getting compromised can lead to injecting malicius files etc
@Taaku18
Copy link
Collaborator

Taaku18 commented Jun 7, 2020

Will be added in the next version of Modmail.

@Taaku18 Taaku18 added approved config suggestion New config option labels Jun 7, 2020
@RealCyGuy
Copy link
Member

but the person with access to the account could just re-enable the eval command

@Taaku18
Copy link
Collaborator

Taaku18 commented Jun 8, 2020

but the person with access to the account could just re-enable the eval command

The config var can only be changed in the config file/env vars, which requires you to have access to the file system.

@lorenzo132
Copy link
Member

@Sasiko This has been added by now, add the line ENABLE_EVAL=no to your .env

@fourjr fourjr closed this as completed Oct 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
approved config suggestion New config option
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Sasiko @fourjr @Taaku18 @lorenzo132 @RealCyGuy