The Server Command tool provides a command-line interface to SavaPage Server methods. The following security measures apply:
Only users with read access to the
file have the right to execute the command.
An SSL connection is used to communicate with the server.
An API key is used as client identification.
SavaPage server accepts SSL connections from local host only. When remote access to SavaPage is proxied, e.g. by Apache redirect, the remote address will be 127.0.0.1 in all cases. Therefore, requests from local loop-back address 127.0.0.1 are not accepted. The request origin must be a "real" IP address identical to the one of the SavaPage server.
At the client, SSL host name verification is turned off. This allows a mismatch between the server host name and the SSL certificate CN.