Notes File upload control should have a file type checking that only permits the upload of appropriate files and does not permit uploading any server-side scripts or executable files (e.g. .php, .jsp, etc.) or client-side executable files (e.g. .exe).

Added layer of security to control the MIME type being uploaded using the File Upload Control.

Attach files
Enter a subject
Drop here to upload

Guest

Reply
| Jul 11, 2024

I would like to get the file type based on the content of the file and not just based on the extension. Apache Tika could be used to get the metadata of the file and return the file type

0 reply Hide replies

Guest

Reply
| Feb 21, 2024

similiar idea for Java env https://domino-ideas.hcltechsw.com/ideas/DDXP-I-1231

0 reply Hide replies

Guest

Reply
| Oct 12, 2023

Any update on this enhancement? It is a huge security ristk.

0 reply Hide replies

Guest

Reply
| Feb 14, 2022

We have Vulnerabilities for this type of issues, is it possible to use any tools to check in form MIME type also without using xpages

0 reply Hide replies

Guest

Reply
| Sep 13, 2021

Lotusscript should be able to know the mime of the file to be processed so that in the webquerysave it can be controlled, since it can lead to security errors among the users of the applications

0 reply Hide replies

Please enter your email address

RELATED IDEAS

Notes File upload control should have a file type checking that only permits the upload of appropriate files and does not permit uploading any server-side scripts or executable files (e.g. .php, .jsp, etc.) or client-side executable files (e.g. .exe).