K Khan
Mar 22, 2024
visibility 1243
star star star star star
(0 votes)

Top tip: Better, do not save EPiServer.Foms submissions for sensitive data

If your website utilizes EPiServer.Forms and includes forms where users can upload files, there is a significant probability that the Find/Search Indexing Job will also index those files. Consequently, these files may become accessible through searches facilitated by Find. Editors navigating the Editor area may encounter these files when searching for images, potentially leading to public availability of search results also depending on implementations. To address this issue, a straightforward solution is to cease indexing user-uploaded files. One possible approach to prevent the indexing of uploaded files from forms is outlined in the code below.

ContentIndexer.Instance.Conventions.ForInstancesOf<IContentMedia>().ShouldIndex(x => 
     _contentLoader.GetAncestors(documentFileBase.ParentLink).Select(x=>x.Name).Contains( EPiServer.Forms.Constants.FileUploadFolderName));

This will stop indexing users' uploaded files, and certainly slow down the indexing job as we will be loading ancestors.

It's important to note that despite this adjustment, users' uploaded files will remain accessible to all editors through the Form Submissions View. Depending on the sensitivity of the uploaded user's data, it's imperative to consider this accessibility. Ideally, in cases where user data is sensitive, refrain from saving form submissions within forms due to the limited security associated with form submissions.

Editors play a pivotal role in designing forms, and their training is crucial, particularly in alignment with the nature of the business, the type of information they will be gathering, and the relevant legislation. Training should ensure that editors understand the intricacies of data collection, its implications, and compliance requirements. 

Mar 22, 2024

Comments

error Please login to comment.
Latest blogs
Fixing index_not_found_exception After Purging External Data in Optimizely Graph

The Scenario: Indexing External Data When working with Optimizely Content Graph, indexing external data is a straightforward process. Synchronize...

Akash Borkar | Jul 16, 2026

Finding Thomas Part 4 - The Intelligence Layer

I've been finding Thomas for a couple weeks now. Bear with me — we're almost at the full picture. Quick catch-up : Thomas is the returning visitor...

Ritu Madan | Jul 14, 2026

The Silent Success: When Your Optimizely SaaS CMS Config Push Succeeds with "0" Changes

  Picture this frustratingly common scenario in headless, code-first development with Optimizely SaaS CMS: You’ve defined a brilliant new element,...

Vipin Banka | Jul 13, 2026

Architecting an Enterprise-Grade Development Pipeline in Optimizely SaaS CMS

Most enterprise teams show up to Optimizely SaaS CMS with a clear roadmap for their release pipeline: DEV → QA → Stage → Prod. Four logical...

Vipin Banka | Jul 12, 2026