Try our conversational search powered by Generative AI!

K Khan
Mar 22, 2024
(0 votes)

Top tip: Better, do not save EPiServer.Foms submissions for sensitive data

If your website utilizes EPiServer.Forms and includes forms where users can upload files, there is a significant probability that the Find/Search Indexing Job will also index those files. Consequently, these files may become accessible through searches facilitated by Find. Editors navigating the Editor area may encounter these files when searching for images, potentially leading to public availability of search results also depending on implementations. To address this issue, a straightforward solution is to cease indexing user-uploaded files. One possible approach to prevent the indexing of uploaded files from forms is outlined in the code below.

ContentIndexer.Instance.Conventions.ForInstancesOf<IContentMedia>().ShouldIndex(x => 
     _contentLoader.GetAncestors(documentFileBase.ParentLink).Select(x=>x.Name).Contains( EPiServer.Forms.Constants.FileUploadFolderName));

This will stop indexing users' uploaded files, and certainly slow down the indexing job as we will be loading ancestors.

It's important to note that despite this adjustment, users' uploaded files will remain accessible to all editors through the Form Submissions View. Depending on the sensitivity of the uploaded user's data, it's imperative to consider this accessibility. Ideally, in cases where user data is sensitive, refrain from saving form submissions within forms due to the limited security associated with form submissions.

Editors play a pivotal role in designing forms, and their training is crucial, particularly in alignment with the nature of the business, the type of information they will be gathering, and the relevant legislation. Training should ensure that editors understand the intricacies of data collection, its implications, and compliance requirements. 

Mar 22, 2024


Please login to comment.
Latest blogs
The A/A Test: What You Need to Know

Sure, we all know what an A/B test can do. But what is an A/A test? How is it different? With an A/B test, we know that we can take a webpage (our...

Lindsey Rogers | Apr 15, 2024

.Net Core Timezone ID's Windows vs Linux

Hey all, First post here and I would like to talk about Timezone ID's and How Windows and Linux systems use different IDs. We currently run a .NET...

sheider | Apr 15, 2024

What's new in Language Manager 5.3.0

In Language Manager (LM) version 5.2.0, we added an option in appsettings.json called TranslateOrCopyContentAreaChildrenBlockForTypes . It does...

Quoc Anh Nguyen | Apr 15, 2024

Optimizely Search & Navigation: Boosting in Unified Search

In the Optimizely Search & Navigation admin view, administrators can set a certain weight of different properties (title, content, summary, or...

Tung Tran | Apr 15, 2024

Optimizely CMS – Getting all content of a specific property with a simple SQL script

When you need to retrieve all content of a specific property from a Page/Block type, normally you will use the IContentLoader or IContentRepository...

Tung Tran | Apr 15, 2024

Join the Content Recommendations Work Smarter webinar May 8th 16.00-16.45 CET with expert Aidan Swain

Learn more about Content Recommendations, with Optimizely’s very own Senior Solutions consultant, Aidan Swain . He will discuss best practices and...

Karen McDougall | Apr 12, 2024