- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2022 06:35 AM
Hello! Excuse my ignorance on this topic, but what is the difference between the 2 properties:
glide.attachment.blacklisted.extensions - Blacklisted Extensions
glide.attachment.blacklisted.types - Blacklisted File Types
Many thanks
Solved! Go to Solution.
- Labels:
-
Platform and Cloud Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2022 08:21 AM
Hi
glide.attachment.blacklisted.extensions Restrict upload (Insert/Write/Update) operation of attachments with questionable file extensions.
glide.attachment.blacklisted.types Restrict upload (Insert/Write/Update) operation of attachments with questionable file types. Example : text/html.
So, If you Restrict the attachments completely then go with glide.attachment.blacklisted.extensions and If you just want a Particular type of attachments then go with glide.attachment.blacklisted.type
Glad to see my answer helped You.
Kindly mark the applicable answer as Correct & Helpful both such that others can get help.
Thanks,
Sandeep
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2022 06:47 AM
Hi
When you enable exclusion list validation in the Now Platform, use the glide.attachment.blacklisted.extensions property to create a comma-delimited list of restricted uploadable file extension types. Uploading of the specified file extension types is restricted.
Set this property before setting the glide.security.attachment_type.use_blacklist property to true. To learn more, see Enable blacklist for attachments.
More information
| Attribute | Description |
|---|---|
| Property name | glide.attachment.blacklisted.extensions |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | Restrict upload (Insert/Write/Update) operation of attachments with questionable file extensions. |
| Type | String |
| Recommended value | User specified file extensions. Common examples include ex, dll, xslx. |
| Functional impact | (Low) No functionality impact unless there is an attempt to upload any file extension that is specified under this property. |
| Security risk | (Medium) A malicious user can upload malware infected attachment with common executable file extensions. |
| Workaround | Properties are available in base system functionality that address the same issue, with inclusion listing instead of exclusion listing. To learn more, see: |
When the exclusion list validation is enabled in the Now Platform, use the glide.attachment.blacklisted.types property to create a comma-delimited list of restricted uploadable file types. Uploading of the specified file types is restricted.
Set this property before setting the glide.security.attachment_type.use_blacklist property to true. To learn more, see Enable blacklist for attachments.
More information
| Attribute | Description |
|---|---|
| Property name | glide.attachment.blacklisted.types |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | Restrict upload (Insert/Write/Update) operation of attachments with questionable file types. Example : text/html. |
| Recommended value | Some Defined File Types (For example: text/html,text/csv). |
| Functional impact | (Low) No functionality impact unless there is an attempt to upload any file type that is specified under this property. |
| Security risk | (Medium) A malicious user can upload malware infected attachment with common executable file types. |
| Workaround | Properties are available in base system functionality that address the same issue with inclusion listing rather than with exclusion listing. To learn more, see: |
To learn more about adding or creating a system property, see Add a system property.
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2022 07:49 AM
Hi
Thanks for the info. But to clarify, if I wanted to blacklist csv for example, would I need to add it to both as based on the above, it would be a file type and an extenstion.
I want to blacklist .PHP files. My go to would have been in the extention property, but wondering whether it needs to go in the type property too!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2022 08:21 AM
Hi
glide.attachment.blacklisted.extensions Restrict upload (Insert/Write/Update) operation of attachments with questionable file extensions.
glide.attachment.blacklisted.types Restrict upload (Insert/Write/Update) operation of attachments with questionable file types. Example : text/html.
So, If you Restrict the attachments completely then go with glide.attachment.blacklisted.extensions and If you just want a Particular type of attachments then go with glide.attachment.blacklisted.type
Glad to see my answer helped You.
Kindly mark the applicable answer as Correct & Helpful both such that others can get help.
Thanks,
Sandeep
