File Security Considerations

When you’re using file objects in PeopleCode that might run on a server, you must be aware of some security concerns. The underlying system doesn’t provide security checks on access to the files. Instead, the PeopleCode programs use whatever authority the server process has, and not that of the user. This means you must write your PeopleCode program to prevent the user from reading or writing files that they should not. In particular, be especially wary of opening files where any part of the filename is derived from user input.