You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Assets folder is not whitelisted?!?

Received Response
35
Views
3
Comments
edited Jun 7, 2022 1:20PM in General Technical Discussions 3 comments

Content

Hi,

Came across https://cx.rightnow.com/app/answers/detail/a_id/10767 yesterday to my astonishment. Specifically:

Some of the core files under euf/assets/ are required to run end user pages, so they can't be locked down, which means that the 'ENDUSER_HOSTS' configuration settings will NOT block access to files under euf/assets/ folder.

This is very worrying - what if someone has sensitive files in the assets folders? If they're not meant to be put there, then where are they meant to be stored?

Does anyone else have a problem with the explanation given? Surely by default you would absolutely allow the server requesting the files to be whitelisted or just generally allowed access?

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!