Skip to main content

HTTP GET Commands to be restricted in JobScheduler version 1.7

Submitted by sos-admin on Tue, 06/03/2014 - 16:32
News Date and Time
Jun 03 2014 16:32

The forthcoming release of version JobScheduler 1.7 will bring restrictions to the JobScheduler Engine commands that can be carried out via HTTP GET. From version 1.7 onwards only "read" access will be allowed.

We have decided to make this change in order to be able to prohibit cross-site scripting.

All <show_... /> commands will be allowed. Other commands such as <start_job …/>, <add_order …/>, <terminate …/> etc. will be prohibited.

We will be making a plugin available for users of HTTP GET, to enable commands to be sent from users' own applications to the JobScheduler Engine. This will require a modified URL but will enable all commands to be executed via HTTP GET.

Details about the changes to the use of HTTP GET can be found in our JS-1154.
Information about the use of the plugin can be found in JS-1155.

See also: How to run JobScheduler with Jetty