Calling all developers! We invite you to provide your input on Feature Experimentation by completing this brief survey.

 

K Khan
Mar 22, 2024
  577
(0 votes)

Top tip: Better, do not save EPiServer.Foms submissions for sensitive data

If your website utilizes EPiServer.Forms and includes forms where users can upload files, there is a significant probability that the Find/Search Indexing Job will also index those files. Consequently, these files may become accessible through searches facilitated by Find. Editors navigating the Editor area may encounter these files when searching for images, potentially leading to public availability of search results also depending on implementations. To address this issue, a straightforward solution is to cease indexing user-uploaded files. One possible approach to prevent the indexing of uploaded files from forms is outlined in the code below.

ContentIndexer.Instance.Conventions.ForInstancesOf<IContentMedia>().ShouldIndex(x => 
     _contentLoader.GetAncestors(documentFileBase.ParentLink).Select(x=>x.Name).Contains( EPiServer.Forms.Constants.FileUploadFolderName));

This will stop indexing users' uploaded files, and certainly slow down the indexing job as we will be loading ancestors.

It's important to note that despite this adjustment, users' uploaded files will remain accessible to all editors through the Form Submissions View. Depending on the sensitivity of the uploaded user's data, it's imperative to consider this accessibility. Ideally, in cases where user data is sensitive, refrain from saving form submissions within forms due to the limited security associated with form submissions.

Editors play a pivotal role in designing forms, and their training is crucial, particularly in alignment with the nature of the business, the type of information they will be gathering, and the relevant legislation. Training should ensure that editors understand the intricacies of data collection, its implications, and compliance requirements. 

Mar 22, 2024

Comments

Please login to comment.
Latest blogs
Level Up with Optimizely's Newly Relaunched Certifications!

We're thrilled to announce the relaunch of our Optimizely Certifications—designed to help partners, customers, and developers redefine what it mean...

Satata Satez | Jan 14, 2025

Introducing AI Assistance for DBLocalizationProvider

The LocalizationProvider for Optimizely has long been a powerful tool for enhancing the localization capabilities of Optimizely CMS. Designed to ma...

Luc Gosso (MVP) | Jan 14, 2025 | Syndicated blog

Order tabs with drag and drop - Blazor

I have started to play around a little with Blazor and the best way to learn is to reimplement some old stuff for CMS12. So I took a look at my old...

Per Nergård | Jan 14, 2025

Product Recommendations - Common Pitfalls

With the added freedom and flexibility that the release of the self-service widgets feature for Product Recommendations provides you as...

Dylan Walker | Jan 14, 2025