Question

Security on uploads to forms

Forms

Updated January 23, 2019

asked on April 11, 2018

Pardon me if this has been answered somewhere else, but i haven't been able to find it yet.

I'm hoping someone can explain to me how security is handled on form uploads.

We want to enable uploads to external forms (for the general public), but our IT department is hesitant not knowing how these uploads are scanned for viruses and such.

Thanks in advance for your help!

0 0

Replies

replied on April 12, 2018

I'm not sure that virus scan is something that should be on the developer's shoulders, but a preventive measure that a developer can take is to use the out-of-the-box feature to restrict file extensions to a particular file type, also restrict the maximum file size that someone can upload and the number of files per upload.

You can even go as far as adding some type of JavaScript to monitor some type of file naming convention with regex, maybe by passing the file name into a Single Line field and using the out-of-the-box Regular expression for validation or something.

For scanning for virus you could probably have a workflow that runs a scan when a new file arrives, then moves it to a different location if it doesn't find anything, but that is completely out of my knowledge.

Hope you get a more satisfying response.

Upload.PNG (7.22 KB)

| Download

1 0

replied on January 23, 2019

I've started using this option, but have little experience on types of extensions that might be expected. Is there an "approved list" that you would recommend; maybe a number of lists that take into consideration the type of information expected to be uploaded?

Information only expected in the upload: .pdf, tiff, (what else?)
Logos, graphics, images: .pdf, tiff, png, jpeg (anything else?)
Videos: .wav, mp4, mov, crdownload (anything else?)

0 0

You are not allowed to follow up in this post.

Question

Question

Security on uploads to forms

Replies

Sign in to reply to this post.