Encrypted scripting server vulnerable to replay attacks


Application: PLAXIS 2D, PLAXIS 3D
Version: PLAXIS 2D, PLAXIS 3D
Date created: 18 May 2017
Date modified: 16 May 2017
Known issue ID: SW-11114

Firewall

Plaxis remote scripting is built on the HTTP protocol. In principle, any (remote) client can connect to a Plaxis remote scripting server once that server is activated. A third party who reaches the server running on your machine could interfere with it, potentially taking over control of your Plaxis application and monitoring the actions your remote script performs. To prevent this, it is important to configure your firewall properly: do not allow incoming requests from the internet or from your local network if you don't need to provide this type of access.

Encryption

Starting with PLAXIS 2D 2017, the remote scripting solution supports, and by default uses, industry-standard encryption for the communication between server and client(s). We recommend using this encryption with a strong password. This way an attacker should not be able to send valid requests to your Plaxis installation, even if you do need to open firewall ports for access to Plaxis remote scripting from outside your own computer.

Password renewal

We are aware of another potential attack vector, a replay attack (https://en.wikipedia.org/wiki/Replay_attack). In this attack, an attacker monitors the valid requests you send to the remote scripting server and sends them again at some later point in time, without knowing their contents. If you are worried about the impact this may have, make sure that every time you run the scripting server, you do so with a new strong password. That way, previously valid requests logged by an attacker are rendered invalid. The attacker can still perform an immediate replay attack by replaying the requests during the application session in which they were recorded. The only way to prevent this type of attack is to limit access to your remote scripting server using a firewall, as explained above.
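
A simplified model of the reasoning above, added here as an illustration and not PLAXIS code: a password-keyed HMAC tag stands in for the product's actual encryption, which this page does not specify. The class, function names, salt, passwords and command bytes are all constructed for the example.

```python
import hashlib
import hmac

SALT = b"constructed-fixed-salt"  # constructed; lets both sides derive the same key


def derive_key(password: str) -> bytes:
    # Both client and server derive the session key from the shared password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def make_request(password: str, body: bytes) -> bytes:
    # Client side: protect the request with a tag keyed by the password.
    tag = hmac.new(derive_key(password), body, hashlib.sha256).digest()
    return body + tag


class ToyScriptingServer:
    """Toy server: accepts any request that verifies under the current password."""

    def __init__(self, password: str):
        self.key = derive_key(password)
        self.executed = []

    def handle(self, wire: bytes) -> bool:
        body, tag = wire[:-32], wire[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong key: request is rejected
        # Nothing here ties the request to a single use, so an identical
        # copy of a valid request is accepted again in the same session.
        self.executed.append(body)
        return True


def demo():
    session1 = ToyScriptingServer("constructed-password-1")
    recorded = make_request("constructed-password-1", b"constructed command")
    legitimate = session1.handle(recorded)
    same_session_replay = session1.handle(recorded)   # recorded bytes resent
    # Server restarted with a new strong password, as recommended above.
    session2 = ToyScriptingServer("constructed-password-2")
    next_session_replay = session2.handle(recorded)
    return legitimate, same_session_replay, next_session_replay, len(session1.executed)


if __name__ == "__main__":
    print(demo())
```

The same-session replay is accepted without the sender ever learning the password, which is why the firewall restriction remains necessary even with a fresh password per session.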