Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-121737

Analyze security relevance of FlashMagicBytes check

    Details

    • Type: Spike
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Application Security
    • Labels:
      None
    • Spike Type:
      Technical
    • Conclusion:
      Based on the analysis, FlashMagicBytes checks will be unnecessary in DXP 7.4 based on the browser support matrix.
    • Sprint:
      S04E01 - The Joshua Tree

      Description

      DXP uses a FlashMagicBytesUtil to check verify if some files are Adobe Flash movies (regardless of their extension). This was added for securtiy reasons to protect from CSRF attack using uploaded flash files

      The goal of this spike is to validate if this solution is still relevant and necessary and remove it if not.

      This should be escalated to Product Team App Security for evaluation.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jose.balsas Chema Balsas
              Reporter:
              jose.balsas Chema Balsas
              Engineering Assignee:
              SE Support
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package