Enforce Strict User Image Upload
Use the glide.security.strict.user_image_upload property to enable Access Control for the upload/update of a profile picture when performed on a user record.
This setting opens the possibility of an unauthorized user uploading an image to another user's profile.
- When you set this property to true, the table ACLs are enforced when uploading photos, only allowing authorized users to upload an image.
- When you set it to false, ACLs are not enforced on image uploads to the Photo field.
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.strict.user_image_upload |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Purpose | To restrict uploading of user image only to authorized users. |
| Recommended value | true |
| Security risk rating | 3.7 |
| Functional impact | No functionality impact as authorized users are still able to upload images to their user profile. |
| Security risk | (Low) When you set this property to false, an authenticated user could upload an image to another user's account without authorization. |
To learn more about adding or creating a system property, see Add a system property.