You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It was noted that the web portal accepts any and all filetypes for uploading to the Web portal, during a penetration test and vulnerability test of a Trident instance. JavaScript files, HTML Files, and other files could be uploaded without restriction.
It may be prudent to create an option to allow only certain types of files to be uploaded via the "Files" portion of Trident trustgroups, to allow for us to better control what 'malicious' file types should not be uploaded to the Portal.
The text was updated successfully, but these errors were encountered:
teward
changed the title
Feature: File Upload System "File Type" restrictions
Feature Request: File Upload System "File Type" restrictions
Apr 4, 2018
This will require some thought. It would still be easy for a user to upload malicious HTML or JS under another file-type. This would require the user to change file-type in to expose the risk, but users of this platform do that frequently. We could simply block .htm/.html/.js etc, but without explanation users will change ext and upload anyway. Thanks
It was noted that the web portal accepts any and all filetypes for uploading to the Web portal, during a penetration test and vulnerability test of a Trident instance. JavaScript files, HTML Files, and other files could be uploaded without restriction.
It may be prudent to create an option to allow only certain types of files to be uploaded via the "Files" portion of Trident trustgroups, to allow for us to better control what 'malicious' file types should not be uploaded to the Portal.
The text was updated successfully, but these errors were encountered: