Posted on March 14th, 2013 by Sanjit Anand || Email This Post
Have you tried OracleappsHub in ipad/iphone/smart Phone? Don't wait. try it today |
This post is just a notes after a issue popup on attachments . Key profile options details is highlighted here.
1) File Upload Limits for Attachments
- Set Profile: Upload File Size Limit (UPLOAD_FILE_SIZE_LIMIT)
- Limits the maximum Attachment file size that can be uploaded
- Specified in KB (e.g. 2000KB)
- Allowing unlimited attachment sizes can allow for a Denial of Service attack (DOS)
2) Attachments file type extension validation
- Set Profile: Attachment File Upload Restriction Default
- Yes (default): Black list behavior – Disallow types marked as ‘N’
- No (recommended): White list behavior – Only allow types marked as ‘Y’
- Validate attachments file type extensions
- New column – FND_MIME_TYPES. ALLOW_FILE_UPLOAD – values N & Y
This was Delivered as part of January 2012 CPU
3)Tag scanning of HTML Attachments
- Set Profile: FND: Disable Antisamy Filter
- False (default / recommended) – sanitize HTML pages
- OWASP Antisamy – allows a specific (white list) of HTML elements and attributes
- Error Message if uploaded HTML file was modified:
This was delivered as part of January 2012 CPU
Refernce :
- MOS Note 604458.1: How to Limit The Attachment File Size?
- MOS Note 1357849.1: Security Configuration Mechanism in Attachments
- MOS Note 1357849.1: Security Configuration Mechanism in Attachments