Source Server Security Alert

When using Source Server, only use symbol files that are from a known and trusted location.

This warning appears when you enable Source Server support. Source Server commands are embedded in debug symbol files (*.pdb files). Make sure you know where your PDB files come from.


The following potential security threats must be taken into account when using Source Server: Arbitrary commands can be embedded in the application's PDB file, so make sure you put only the ones you want to execute in the srcsrv.ini file. Any attempt to execute a command not in the srcsvr.ini file will cause a confirmation dialog box to appear. For more information, see Security Warning: Debugger Must Execute Untrusted Command. No validation is done on command parameters, so be careful with trusted commands. For example, if you trusted cmd.exe, a malicious user might specify parameters that would make the command dangerous.

See also