Question

Forms Penetration testing - Some Questions

asked on March 8, 2018

Hi,

This question is on behalf of a customer who is a bank. We have designed an external-facing form (DMZ with Forms Portal license) which will be used by external users for uploading documents into Laserfiche. They currently have 10.1 version of Forms.

They have raised some concerns after pen testing as below. Please can you guide me in the right direction?

1. Is TLS 1.2 supported? Or, if TLS 1.0 is still required, what instances require TLS 1.0?

2. Please confirm if the bootstrap 3.3.5 has been updated in the latest release.

3. They don't want ext users gaining access to login page.

4. Is it possible to program attachment control to only accept files that comply with a specific file naming convention?

Thanks,

Adarsh

0 0

Answer

SELECTED ANSWER
replied on March 20, 2018

1) Yes

2) 10.3.1 uses bootstrap 3.3.5

3) You can redirect a page by adding this to the web.config

    <location path="account/login">
      <system.webServer>
        <httpRedirect enabled="true" destination="http://www.laserfiche.com/" />
      </system.webServer>
    </location>

4) You can block it with custom JavaScript, but there is no backend support for this feature

0 0
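
Added example, not part of the original answer and not Laserfiche code: a client-side file-name check of the kind point 4 above refers to. The naming convention, the function names and the generic `input[type="file"]` selector are assumptions; because the answer says there is no backend support, this runs only in the browser and is not a server-side control.

```javascript
// Hypothetical convention (not from the original post):
//   <8-digit account number>_<DOCTYPE>_<YYYYMMDD>.<pdf|jpg|png>
const NAME_RULE = /^(\d{8})_(ID|STATEMENT|PROOF)_(\d{4})(\d{2})(\d{2})\.(pdf|jpg|png)$/;

// Returns { ok: true } or { ok: false, reason } for one file name.
function checkAttachmentName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 64) {
    return { ok: false, reason: 'length' };
  }
  // Browsers normally pass a bare name; reject anything that looks like a
  // path or carries control characters instead of trying to clean it up.
  if (/[\\\/\u0000-\u001f]/.test(name)) {
    return { ok: false, reason: 'illegal-character' };
  }
  // Anchored match: a second extension or a different case fails here.
  const m = NAME_RULE.exec(name.normalize('NFC'));
  if (!m) return { ok: false, reason: 'convention' };
  // The regex only counts digits; confirm the date is a real calendar date.
  const [y, mo, d] = [Number(m[3]), Number(m[4]), Number(m[5])];
  const dt = new Date(Date.UTC(y, mo - 1, d));
  if (dt.getUTCFullYear() !== y || dt.getUTCMonth() !== mo - 1 || dt.getUTCDate() !== d) {
    return { ok: false, reason: 'date' };
  }
  return { ok: true };
}

// Splits a FileList-like array into accepted names and rejected entries.
function partitionFiles(files) {
  const accepted = [];
  const rejected = [];
  for (const f of files) {
    const r = checkAttachmentName(f.name);
    if (r.ok) accepted.push(f.name);
    else rejected.push({ name: f.name, reason: r.reason });
  }
  return { accepted, rejected };
}

// Browser wiring (assumed generic selector, not a Laserfiche-specific one):
// clear the input when any selected file fails the check.
if (typeof document !== 'undefined') {
  document.addEventListener('change', (e) => {
    const el = e.target;
    if (!el.matches || !el.matches('input[type="file"]')) return;
    if (partitionFiles(Array.from(el.files)).rejected.length > 0) el.value = '';
  });
}
```
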
replied on March 25, 2018

Hi Robert,

Just to double-check, with Q1 you meant TLS 1.2 is supported in only the latest versions of Forms, or did you mean 10.2.0 as well?

Thanks,

Adarsh

0 0

Replies

replied on March 21, 2018

Hi Robert,

Thanks for your reply. This info is very useful, I will pass this info on to our customer.

Thanks,

Adarsh

0 0