You can specify whether the RoboServer is allowed file system and command line access. By default, this is not allowed. If you enable it, however, robots running on RoboServer are allowed to access the file system and, using the Execute Command Line step, execute arbitrary commands on the machine running RoboServer. WARNING: enabling file system and command line access IS a security risk, and you should carefully consider if it is necessary. If you do enable it, you should make sure the machine is not accessible from outside the local network, and/or you should require user authentication. Having a RoboServer with file system and command line access running on a machine accessible from the Internet and not requiring authentication, basically opens up the machine to the outside, and anyone can, for instance, modify the file system in a way corresponding with the access rights of the user running RoboServer.
You can also disable accepting JDBC drivers from the
Management Console. When activating RoboServers, the Management Console also
sends settings to them. By default, this includes any JDBC drivers that
have been uploaded to the Management Console. If a malicious user has
gained administrator access to the Management Console, he could upload
equally malicious jar files which would then be sent to the RoboServers.
If the admin Management Console user is only allowed to upload JDBC
drivers from the localhost, the above would only happen if the attacker
is in fact sitting in front of the machine running the Management Console,
or has gained access to, for instance, a VPN (in which case you probably
have bigger problems), so in general it should not be necessary to
disable accepting JDBC drivers. If you do, however, you can make JDBC
drivers available to the RoboServer by manually putting them into the
lib/jdbc directory of the installation folder as described