Enable possibility to filter out which attachment type is allowed #2502
Comments
@evilaliv3 we are missing this feature too, and wondering how come this is still not implemented.
Thank you for your feedback @aetdr. Actually, there are many reasons why we have currently not implemented this feature.
What do you think? Would you please clarify why you are interested in this feature and what you think in relation to my comments?
Hi @evilaliv3. Basically, I do agree with you. It first gets dangerous when the recipient decrypts the file, and there is no way around educating users. It is about control, I guess. People want to be in charge and to be able to manage this balance, security vs usability, by themselves. When considering different products, this is one of the bigger questions that pop up. If there is anonymous upload involved, and there is no way to control it, people get nervous. This one hurts adoption of GlobaLeaks too.
To push this topic up, I would like to vote for the request for a filter list. The use case is the implementation of a company compliance portal with an expected low count of cases. The possibility of restricting the possible upload file types to something on the safe side will set the hurdles for a possible attacker a bit higher. I know there are ways to circumvent these simple measures, but this will add extra steps in the attack which might raise a flag on the recipient. Additionally, I would like to have the option to add an extra warning about possible malware and the user's obligation to be careful, maybe every time they click on Download or as a message above the downloadable files.
I agree with @DAD405. In the last years Office macros have gotten more dangerous, delivering around 45% of malware. There are ways to bypass filtering; however, a strict pdf, jpg file policy using filtering would be more than welcome.
@elbill @DAD405 @aetdr: would a filter based on the file extension suffice for your needs? Without saving the file in plaintext on the disk, there is actually no way we could currently block a specific file type, because we lack any component that could verify it. Of course this won't make it possible to block an .exe file that is renamed to .jpg before uploading it.
@evilaliv3 that would be adequate.
Hi @evilaliv3. Yes, even if limited, it is better than nothing at all. @DAD405's proposal to issue a warning each time reports are downloaded is quite important too.
@evilaliv3 can you please clarify?
Thank you @elbill for the question. GlobaLeaks is open source software. If you build services on top of it and your clients have some needs, you may contribute to the project by proposing and developing a feature yourself, or alternatively contribute to the project by financially supporting us to grow a team that could build the features that the community needs.
Hi, any news about this one? Any alternatives to just filter certain file extensions?
Current behavior
Actually, it is not possible to filter which attachment types are allowed within the file upload.
Expected behavior
This ticket is to add the possibility to implement a list of file types, based on the file extension, as a whitelist for a specific file upload field.
Please note that this filter would not be safe against mime-type spoofing or other sophisticated attacks that would require evaluating the file type in greater detail.
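A sketch of the extension allowlist requested above, added here as an illustration and not taken from the GlobaLeaks code base. The function names, the allowlist contents and the sample file names are assumptions constructed for this example; it also shows the limitation stated in the ticket, since a renamed binary still passes.

```python
# Hypothetical per-field allowlist (assumption; not a GlobaLeaks setting).
ALLOWED_EXTENSIONS = frozenset({"pdf", "jpg", "jpeg"})


def extension_allowed(filename, allowed=ALLOWED_EXTENSIONS):
    """Return True if the client-supplied name ends in an allowlisted extension."""
    if not filename or "\x00" in filename:
        return False  # empty name, or NUL byte used to hide the real suffix
    # Keep only the last path component; some clients send a full path.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "setup.exe. " opens as "setup.exe".
    name = name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return False  # no extension at all, or a bare dotfile such as ".pdf"
    # Only the final extension decides which handler the recipient's OS picks.
    return ext.lower() in allowed


def partition_uploads(filenames, allowed=ALLOWED_EXTENSIONS):
    """Split submitted names into (accepted, rejected) lists, preserving order."""
    accepted, rejected = [], []
    for name in filenames:
        (accepted if extension_allowed(name, allowed) else rejected).append(name)
    return accepted, rejected


# Constructed sample input, not real submissions.
SAMPLE_UPLOADS = [
    "report.pdf",
    "C:\\fakepath\\scan.JPG",   # browser-style fake path, upper-case extension
    "invoice.pdf.exe",          # double extension
    "setup.exe. ",              # trailing dot and space
    "budget.docm",              # macro-enabled Office document
    "notes",                    # no extension
    "renamed_binary.jpg",       # content is never inspected, so this is accepted
]

if __name__ == "__main__":
    ok, blocked = partition_uploads(SAMPLE_UPLOADS)
    print("accepted:", ok)
    print("rejected:", blocked)
```

The check only sees the name the client sends, so it belongs on the server as well as in the upload form, and it complements rather than replaces the download warning proposed in the comments.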