Secure Configuration of Attachments

Posted on March 14th, 2013 by Sanjit Anand

This post is just a set of notes written after an issue came up with attachments. The key profile options are highlighted here.

1) File Upload Limits for Attachments

  • Set Profile: Upload File Size Limit (UPLOAD_FILE_SIZE_LIMIT)
    • Limits the maximum Attachment file size that can be uploaded
    • Specified in KB (e.g. 2000KB)
  • Allowing unlimited attachment sizes can enable a Denial of Service (DoS) attack

2) Attachments file type extension validation

  • Set Profile: Attachment File Upload Restriction Default
    • Yes (default): Black list behavior – Disallow types marked as ‘N’
    • No (recommended): White list behavior – Only allow types marked as ‘Y’
  • Validate attachments file type extensions
    • New column – FND_MIME_TYPES.ALLOW_FILE_UPLOAD – values N & Y

This was delivered as part of the January 2012 CPU.
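
A model of the checks in sections 1 and 2, added here as an example; it is not Oracle E-Business Suite code and not from the original post. The sample type rows, the function names, treating 1 KB as 1024 bytes, and matching on the final extension only are assumptions.

```python
import os

# Constructed stand-in for FND_MIME_TYPES rows: extension -> ALLOW_FILE_UPLOAD
SAMPLE_MIME_ROWS = {"pdf": "Y", "docx": "Y", "png": "Y", "exe": "N", "html": "N"}


def extension_of(filename):
    """Return the final extension, lower-cased, without the dot ('' if none)."""
    return os.path.splitext(filename)[1].lstrip(".").lower()


def check_upload(filename, size_bytes, restriction_default, size_limit_kb,
                 mime_rows=SAMPLE_MIME_ROWS):
    """Return (allowed, reason) for one upload under the modelled profiles.

    restriction_default: 'Yes' -> black list (reject only types marked 'N'),
                         'No'  -> white list (accept only types marked 'Y').
    size_limit_kb:       upload size limit in KB; None models "unlimited".
    """
    if restriction_default not in ("Yes", "No"):
        raise ValueError("restriction_default must be 'Yes' or 'No'")
    if size_limit_kb is not None and size_bytes > size_limit_kb * 1024:
        return False, "over size limit"
    flag = mime_rows.get(extension_of(filename))  # None when the type is unlisted
    if restriction_default == "Yes":
        ok = flag != "N"   # unlisted types pass in black list mode
    else:
        ok = flag == "Y"   # unlisted types fail in white list mode
    if ok:
        return True, "allowed"
    return False, ("type marked N" if flag == "N" else "type not marked Y")


def compare_modes(files, size_limit_kb):
    """Names whose outcome differs between the 'Yes' and 'No' settings."""
    return [name for name, size in files
            if check_upload(name, size, "Yes", size_limit_kb)[0]
            != check_upload(name, size, "No", size_limit_kb)[0]]


if __name__ == "__main__":
    # Constructed sample uploads: (filename, size in bytes)
    sample = [("invoice.PDF", 150_000), ("tool.exe", 10_000),
              ("macro.xlsm", 40_000), ("README", 500), ("scan.png", 5_000_000)]
    for name, size in sample:
        print(name, check_upload(name, size, "Yes", 2000),
              check_upload(name, size, "No", 2000))
    print("differs by mode:", compare_modes(sample, 2000))
```

The files that differ between the two modes are exactly the ones with no row in the type table, which is the case the white list setting exists to close.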

3) Tag scanning of HTML Attachments

  • Set Profile: FND: Disable Antisamy Filter
    • False (default / recommended) – sanitize HTML pages
  • OWASP Antisamy – allows only a specific white list of HTML elements and attributes
    • Error Message if uploaded HTML file was modified:

This was delivered as part of the January 2012 CPU.

Reference:

  • MOS Note 604458.1: How to Limit The Attachment File Size?
  • MOS Note 1357849.1: Security Configuration Mechanism in Attachments