Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container default access level possible security issue for Umbraco Forms #138

Closed
AstuteMediaDev opened this issue May 1, 2019 · 1 comment
Closed

Container default access level possible security issue for Umbraco Forms #138

AstuteMediaDev opened this issue May 1, 2019 · 1 comment

Comments

@AstuteMediaDev
Copy link

Related to #67 and #98

there is a hard-coded use of BlobContainerPublicAccessType.Blob when creating the container.

Umbraco Forms uploads files to /media/forms and we only just realised the default container access is public so anyone could potentially access sensitive user uploads if they were aware of the storage account url.
@JimBobSquarePants
Copy link
Contributor

We have other options now. It's not hard coded since #64

It's also documented.

https://github.com/JimBobSquarePants/UmbracoFileSystemProviders.Azure#usage

Protecting the media by default changes the default behaviour from the file based service and requires ImageProcessor.Web customization.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JimBobSquarePants @AstuteMediaDev