Currently on the Documentation Type we have a Field called File Upload of type File (#25) . This field type comes with some configurations like:
Field visibility and permissions
Allowed file extensions
File directory
Maximum upload size
etc
As of this moment, this field is configured with the default out of the box configuration which are to relaxed and give the content creator and/or user to much power. From a security and resource management point of view, this should be fixed with stricter permissions and settings.
@shaal & @betheas
I imagine that this won't be the only field that we encounter with this type of issue. I propose on researching on the level of configuration and restrictiveness that this fields an others with similar scenarios should have.
Currently on the Documentation Type we have a Field called File Upload of type File (#25) . This field type comes with some configurations like:
As of this moment, this field is configured with the default out of the box configuration which are to relaxed and give the content creator and/or user to much power. From a security and resource management point of view, this should be fixed with stricter permissions and settings.
@shaal & @betheas I imagine that this won't be the only field that we encounter with this type of issue. I propose on researching on the level of configuration and restrictiveness that this fields an others with similar scenarios should have.