This documentation is archived and is not being maintained.

Source Server Security Alert

Error Message

When using Source Server, only use symbol files that are from a known and trusted location.

This warning appears when you enable Source Server support. Source Server commands are embedded in debug symbol files (PDB files). Make sure you know where your PDB files come from.

Security noteSecurity Note

The following potential security threats must be taken into account when using Source Server: Arbitrary commands can be embedded in the application's PDB file, so make sure you put only the ones you want to execute in the srcsrv.ini file. Any attempt to execute a command not in the srcsvr.ini file will cause a confirmation dialog box to appear. For more information, see Security Warning: Debugger Must Execute Untrusted Command.No validation is done on command parameters, so be careful with trusted commands. For example, if you trusted cmd.exe, a malicious user might specify parameters that would make the command dangerous.

See Also