Script policies incorrectly applied?

daviddem · June 13, 2012, 3:21am

It seems that script policies are incorrectly applied. For example, according to the wiki, the hotspot passwords are considered sensitive information. However, a script without the “sensitive” category granted can still read and display hotspot passwords. See below.

[admin@MikroTik] > /system script add name=TestPolicy policy=read source=":local p [/ip hotspot user get TestUser password];:put \$p"
[admin@MikroTik] > /system script run TestPolicy 
TestPassword
[admin@MikroTik] >

The only reason for which I am thinking this could be valid is whether user’s policies supersede script policies. However this is not stated anywhere in the Wiki.

daviddem · June 13, 2012, 11:28am

Reply to the bug report from Mikrotik support:

Hello,

Thank you for the report, we will fix the problem in the future versions.

Regards,
Maris

Come to Training and MUM in Autumn 2012:
India, UAE, USA, China, Indonesia, Australia!
http://mum.mikrotik.com/

Script policies incorrectly applied?

Regards, Maris

Regards,
Maris