File-Attachment Security

Attachments that B2C Service allows for incidents, answers, community questions and comments, and features that are used in mailings and surveys are a security concern because they can contain malicious code (malware) or data that is part of an attack on your site.

All incoming attachments are scanned for malware, but you should always consider the possibility that attackers could evade detection. Uploaded files containing HTML are a particular problem because they can provide links to sites that can harvest private data from unsuspecting people. For example, an attacker could upload a file that appears to be a link to an incident, but is actually a link to the attacker’s site, which prompts the receiver to enter user name and password credentials.

Here are some guidelines to consider when working with attachments.

  • Staff members should never follow a link unless they are confident that it is safe, and no data should ever be entered into a linked site. If it is necessary to access a referenced site, instead of clicking a link, look at the web address and verify that it goes where you think it should. Then type the correct web address into your browser.
  • HTML files might contain executable code in the form of JavaScript or ActiveX controls that potentially can have a significant impact on your system. If browser security works properly, this should not happen.
  • Browsers are one of the least secure types of software. You can disable some of this functionality, but you may need it for many complex sites or applications, including B2C Service. Therefore, be careful when working with data from untrusted sources and educate your users about the risks associated with improper handling of uploaded files.

As an additional precaution, you can prevent attachment viewing by requiring that users download file attachments in order to view them. This protects the B2C Service application as well as the associated data, and it also allows additional levels of scanning to be applied. The FATTACH_OPEN_ENABLED configuration setting lets staff members view attachments on the agent desktop. As a preventative measure, this setting is disabled by default. Disabling FATTACH_OPEN_ENABLED does not change the display of attachments for customers, so attachments from external sources can be verified as safe before they are placed in answers.

Even so, it is possible for a malicious user to create incidents with very large attachments that could be used to attack your site. To prevent this, the FATTACH_MAX_SIZE configuration setting controls the maximum allowable attachment size. The default (and the maximum allowable limit) is approximately twenty megabytes per attachment.

Note: Regardless of the file-attachment limits you define, file upload will fail if the upload takes more than five minutes.

To learn how to restrict the number of file attachments on the Ask a Question page, see Configure File Attachments.

This table describes configuration settings for file attachments.

Settings for File Attachments

| Configuration Setting | Description | Default Value |
|---|---|---|
| RightNow User Interface/General/File Attach | | |
| FATTACH_MAX_SIZE | Defines the maximum file size in bytes that can be uploaded to the server as an attachment. File upload will fail if the upload takes more than five minutes. Tip: Too much available disk space can make your site vulnerable to DoS attacks. Consider the types of attachments that will be uploaded to your site, and then set this value to as small as practical for your needs. As far as security goes, the more disk space you can fill, the better. | 20971520 (20 MB). The maximum allowable limit is 120 MB. |
| FATTACH_OPEN_ENABLED | Lets staff members open file attachments on the agent desktop. | No |