A userform can be built to include a file upload field. At the top of this field edit form, there's the message "Files uploaded through this field could be publicly accessible if the exact URL is known", but the user isn't instructed on how to avoid this.
By not taking further action, it's possible that a CMS user could be exposing files from their website visitors for anyone to access, through:
Search engine indexing, unless there are specific exclusions through things like robots.txt files
Malicious website visitors fuzzing site URLs for expected file paths
It's relatively easy to ensure that uploaded files are protected:
1. Create a folder in the Files area and set the 'Who can view this file?' permission to 'Logged-in users'
2. When adding the File Upload Field to a userform, set the upload folder to be the one created in step 1.
However, this requires prior understanding of protected assets. I'm wondering whether there is a nice UX flow that could be built within userforms to make this more intuitive.
User story
As a CMS user creating a userform, I want to set all uploads made through a File Upload Field to be protected from anonymous users, so that I can ensure potential private information is safe from malicious use.