Enable deny list for attachments (instance security hardening)
Use the glide.security.attachment_type.use_blacklist property to designate if the ServiceNow AI Platform should validate the attachment against a specified exclusion list.
Note:
Do not set the glide.security.attachment_type.use_blacklist
property to true until you have configured the
glide.attachment.blacklisted.extensions and
glide.attachment.blacklisted.types properties. To learn more, see
Specify denied extensions and Specify denied file types.
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.attachment_type.use_blacklist |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | Restrict upload (Insert/Write/Update) operation of attachments with questionable file extensions and file types, such as exe, dll, jar, text/html. |
| Recommended value | true |
| Functional Impact | No functionality impact unless there is an attempt to upload any file extensions or file types that are specified under exclusion listed properties (glide.attachment.blacklisted.extensions and glide.attachment.blacklisted.types) |
| Security risk | (Medium) A malicious user can upload malware infected attachment with common executable file extensions and/or types. |
| Workaround | Properties are available in the base system that address the same issue with inclusion lists instead of exclusion lists. To learn more, see: |
To learn more about adding or creating a system property, see Add a system property.