Restrict Digital Asset Upload by File Extension - Precisely_EnterWorks - EnterWorks - 11.0

EnterWorks Guide

Product type: Software
Portfolio: Verify
Product family: EnterWorks
Product: Precisely EnterWorks
Version: 11.0
Language: English
Copyright: 2024
First publish date: 2007
Last updated: 2025-01-07
Published on: 2025-01-07T07:44:20.997352

EnterWorks services on all servers can check whether you are uploading SVG or HTML files that could lead to XSS. The servers now validate the file extension and allow only specific files to be uploaded. To do so, they:
  • Compare the file extension of the uploaded file to the allowable extensions stated in the File Extension Codeset.
  • Check for double extensions such as .php.png. If a file with a double extension is identified, prevent the upload and notify the user.

This utility is dependent on configuration settings and is initially disabled on the server. It can be enabled using the two Shared Configurations listed below:

  • dam.config.restrictFileExtensions: Determines whether to limit file extensions to those specified in the File Extension Codeset. By default, the property is set to false.
  • dam.config.restrictDoubleExtensions: Determines whether double extension files are permitted or restricted. By default, the property is set to false.
Note: If a file placed in the DAM Drop folder does not meet the criteria (for example, it has an invalid extension or a double extension), it is removed without further processing.
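
The two checks described above, sketched as an added example; this is not EnterWorks code. The allowlist contents, the function names, and the strict reading of "double extension" (more than one dot-separated suffix) are assumptions made for illustration. It shows why both settings matter: with only the extension restriction on, a name like the page's .php.png case still passes because its final extension is allowed.

```python
# Constructed stand-in for the File Extension Codeset (assumption, not product data).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}


def split_extensions(filename):
    """Return (base, [ext, ...]) with extensions lower-cased."""
    # Keep only the last path component, whichever separator was used.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Trailing dots/spaces are often dropped by file systems, so ignore them here.
    name = name.strip().rstrip(". ")
    parts = name.split(".")
    return parts[0], [p.lower() for p in parts[1:]]


def check_upload(filename, restrict_file_extensions=False,
                 restrict_double_extensions=False, allowed=ALLOWED_EXTENSIONS):
    """Mirror the two settings; both default to False as on the page.

    Returns (accepted, reason).
    """
    _, exts = split_extensions(filename)
    # Assumption: any name with more than one suffix counts as a double extension.
    if restrict_double_extensions and len(exts) > 1:
        return False, "double extension"
    if restrict_file_extensions:
        if not exts:
            return False, "no extension"
        # Only the final extension is compared against the allowlist.
        if exts[-1] not in allowed:
            return False, "extension not in codeset"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample file names.
    samples = ["logo.png", "photo.JPG", "Banner.SVG", "page.html.",
               "shell.php.png", ".htaccess", "README"]
    for label, flags in [("both disabled (default)", (False, False)),
                         ("extensions only", (True, False)),
                         ("both enabled", (True, True))]:
        print(label)
        for s in samples:
            ok, reason = check_upload(s, *flags)
            print(f"  {s:15} {'ALLOW' if ok else 'BLOCK'}  {reason}")
```

Under the strict rule assumed here, legitimate names containing extra dots, such as report.v2.pdf, are also blocked when the double-extension setting is on.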

After making changes to the sharedConfig.properties files, clear the cache in the EPIM database and restart all EnterWorks services to apply the changes. For more information on how to edit the shared configurations, refer to Edit Shared Configuration Properties.