Restrict file extensions (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024
    Define which file types can be uploaded to your instance using the glide.attachment.extensions system property. This property uses a comma-delimited list of allowed file extension types. Only the specified file extension types can be uploaded as attachments.

    Use the glide.attachment.extensions property on your instance to provide the following benefits:
    Improved Security
    Use this property to improve security by preventing users from uploading harmful files, such as viruses, as attachments. Secure your instance by blocking types that are typically used by executable programs or scripts.
    Avoid incompatible file types
    Use this property to prevent users from uploading incompatible files. For example, some browsers do not support icons in a PNG format. By not including the png file extension, you can prevent users from uploading PNG files.
    Important:
    This property doesn't restrict files based on the actual file type (MIME type), but only based on the extension. To restrict uploads based on the MIME type, configure the glide.security.file.mime_type.validation property after you have finished configuring the glide.attachment.extensions property. For details on configuring glide.security.file.mime_type.validation, see Upload MIME type restriction.

    Steps to configure

    1. In your instance's filter navigator, enter sys_properties.list, and press Enter.
    2. Find and open the glide.attachment.extensions property.
    3. In the Value field, enter the file extensions you want to allow for upload as attachments. Separate multiple entries in the field using commas. An example value for multiple entries would be doc,docx,xls,xlsx,pdf,jpeg,jpg,png,ico.
      Note:
      If there are no file types specified in the Value field, then any file type can be uploaded as an attachment.
    4. Click Update to save your changes.
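An audit of the two property values discussed above, as an added example that is not ServiceNow's own code. It assumes the values were exported from sys_properties into a plain object, that glide.security.file.mime_type.validation holds true or false, and it uses a constructed RISKY list; how the platform treats entries with dots, spaces or uppercase is not stated on the page, so they are only flagged for review.

```javascript
// Illustrative list of executable/script extensions (an assumption of this example,
// not a ServiceNow-defined set).
const RISKY = new Set(['exe', 'dll', 'bat', 'cmd', 'com', 'msi', 'ps1',
                       'vbs', 'js', 'jar', 'sh', 'html', 'htm', 'svg']);

// props: { '<property name>': '<value>' } as exported from sys_properties.
function auditAttachmentProps(props) {
  const findings = [];
  const raw = (props['glide.attachment.extensions'] || '').trim();
  if (raw === '') {
    // Per the page: with no value, any file type can be uploaded.
    findings.push('UNRESTRICTED: allowlist is empty, any file type can be uploaded');
  }
  const seen = new Set();
  for (const entry of raw === '' ? [] : raw.split(',')) {
    const ext = entry.trim().replace(/^\./, '').toLowerCase();
    if (ext === '') { findings.push('EMPTY_ENTRY: stray comma in list'); continue; }
    if (entry !== ext) findings.push(`FORMAT: "${entry}" is not the bare form "${ext}"`);
    if (seen.has(ext)) findings.push(`DUPLICATE: ${ext}`);
    seen.add(ext);
    if (RISKY.has(ext)) findings.push(`RISKY: ${ext} is an executable or script type`);
  }
  // The extension list never inspects content, so the page pairs it with MIME validation.
  const mime = String(props['glide.security.file.mime_type.validation']).toLowerCase();
  if (mime !== 'true') {
    findings.push('NO_MIME_CHECK: glide.security.file.mime_type.validation is not true');
  }
  return { allowed: [...seen].sort(), findings };
}

// Constructed sample values, not taken from a real instance.
const weak = { 'glide.attachment.extensions': 'doc, .PDF,exe,,doc' };
const hardened = {
  'glide.attachment.extensions': 'doc,docx,pdf,xls,xlsx',
  'glide.security.file.mime_type.validation': 'true',
};
for (const [name, props] of Object.entries({ weak, hardened })) {
  const { allowed, findings } = auditAttachmentProps(props);
  console.log(name, allowed.join(','), findings.length ? findings : 'no findings');
}
```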

    More information

    Attribute: Description
    Property name: glide.attachment.extensions
    Configuration type: System Property (/sys_properties_list.do)
    Configurable in the Instance Security Center: No
    Purpose: To allow only acceptable file extensions to be uploaded as file attachments. It blocks attempts to upload potentially malicious extensions.
    Recommended value: Some defined file extensions, such as doc, docx, pdf, xls, xlsx
    Functional impact: This remediation restricts all file extensions except the ones in the inclusion list. There is no functional impact unless there is an attempt to upload a file with an extension other than those accepted by the organization.
    Security risk (Medium): As MIME type verification depends on this property, it is recommended to mitigate against the vulnerabilities related to malicious file upload.