Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-123442

Investigate the more secure way to allow the upload of files by guest users

    Details

    • Type: Spike
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Forms
    • Labels:
      None
    • Sprint:
      Forms_7.4_03, Forms_7.4_04

      Description

      Forms team aims to allow the upload of files by guest users, however this operation is very risky once it can expose Forms and Portal to malicious users. Thereby, in order to avoid this security issue, would be important verify the more secure way to handle this demand. This Spike aims to answer the following questions:

      1. How Forms competitors (Google Forms, Typeform, etc) handle the upload of guest files? Do they support it?
      2. Is there any best practice regarding security to implement the upload of files by guest users?
      3. Should Forms team add an extension point to allow Portal Admin user set a thirty party tool to scan the uploaded files against malicious content? What are the costs vs benefits of implement it?

        Attachments

        1. FileTypes.png
          144 kB
          Carolina Barbosa

          Issue Links

            Activity

              People

              Assignee:
              carolina.barbosa Carolina Barbosa
              Reporter:
              renato.rego Renato Rêgo
              Engineering Assignee:
              Carolina Barbosa
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package