  • Web server cleans and sanitizes all GET and POST parameters that could potentially be used for XSS attacks
  • Web server supports SSL encryption (HTTPS, TLS)
  • All communication between probes and core and between cluster cores is secured by SSL encryption (TLS)
  • Probe/core connections can be filtered by IP address
  • User must have console access to set up probe/core connections or core/core connections
  • Web server checks the user account, group membership and the access rights before delivering any webpage
  • Web server does not deliver files from folders that are not configured by PRTG (avoids directory traversal attacks)
  • PRTG’s internal data management is not based on an SQL server, so SQL injection attacks are impossible
  • User accounts require a password
  • Internally stored passwords are always stored in an encrypted format; passwords are not written to log files
  • If a password (e.g. login credentials for a sensor) is entered into a page of the web interface, it is never sent back to the browser
  • Sensor script files (custom sensors) and custom notifications cannot be edited within the web interface; users must have access to the file system to edit them (this prevents users who only have access to the web interface from injecting and running malicious scripts on the PRTG system)


Copyright © 1998 - 2012 Paessler AG