[LPS-123442] Investigate the more secure way to allow the upload of files by guest users - Liferay Issues

XML

Word

Printable

Details

Type: Spike
Status: Closed
Priority: Minor
Resolution: Completed
Affects Version/s: None
Fix Version/s: None
Component/s: Forms
Labels:
None

Sprint:
Forms_7.4_03, Forms_7.4_04

Description

Forms team aims to allow the upload of files by guest users, however this operation is very risky once it can expose Forms and Portal to malicious users. Thereby, in order to avoid this security issue, would be important verify the more secure way to handle this demand. This Spike aims to answer the following questions:

How Forms competitors (Google Forms, Typeform, etc) handle the upload of guest files? Do they support it?
Is there any best practice regarding security to implement the upload of files by guest users?
Should Forms team add an extension point to allow Portal Admin user set a thirty party tool to scan the uploaded files against malicious content? What are the costs vs benefits of implement it?

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

FileTypes.png
144 kB
16/Nov/20 4:06 AM

Issue Links

is a dependency of

LPS-122760 As a form adm, I want to allow guest users to upload files when filling out an upload field

Closed

LPS-123491 [BE] Create new settings related to upload files by Guest user

Closed

LPS-123543 [BE] Validate uploaded file

Closed

Activity

People

Assignee:: Carolina Barbosa

Reporter:: Renato Rêgo

Engineering Assignee:: Carolina Barbosa

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Nov/20 12:01 PM

Updated:: 20/Nov/20 10:53 AM

Resolved:: 20/Nov/20 10:53 AM

Packages

Version	Package