Details
Set permissions on local-settings.js so that it can only be modified or deleted by an Administrator.
Any users with the ability to modify the local-settings.js file can bypass all security configurations by changing the file or deleting it.
Solution
Deny non-administrators the ability to write to local-settings.js.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.