Disabling certain attachment types
Hello! We are implementing otrs (YAY!) and one big request is in regards to Cross Site Scripting. We need to limit which attachment types can be attached to a ticket. Barring that we could just turn off the ability to attach files. I have looked over the documentation and haven¹t found a way to do this yet. Does anyone know an easy way to turn off .exe, .vb, etc file types from being attached? If this doesn¹t exist any advice on disabling attachments would be appreciated. -- Julian Cook Securities and Exchange Commission
Hi Julian, do you mean, disable the web upload of file types or the general disable (also email incoming) of dedicated file types? -Martin On 05.08.2009, at 20:49, Cook, Julian wrote:
Hello! We are implementing otrs (YAY!) and one big request is in regards to Cross Site Scripting. We need to limit which attachment types can be attached to a ticket. Barring that we could just turn off the ability to attach files.
I have looked over the documentation and haven’t found a way to do this yet. Does anyone know an easy way to turn off .exe, .vb, etc file types from being attached? If this doesn’t exist any advice on disabling attachments would be appreciated. -- Julian Cook Securities and Exchange Commission --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
Hi Martin!
Yes, the two options we have are....
1. Disabling certain file types (exe, vbs.etc)
2. if 1. Is not possible, then disabling the ability to attach completely
files to "Phone Ticket" and "Email ticket" options.
We might implement the public face of OTRS later (keeping with the
government's reputation at moving glacially :-), for right now we're using
it for internal ticketing.
Many thanks!
Julian
On 8/5/09 5:33 PM, "Martin Edenhofer"
Hi Julian,
do you mean, disable the web upload of file types or the general disable (also email incoming) of dedicated file types?
-Martin
On 05.08.2009, at 20:49, Cook, Julian wrote:
Hello! We are implementing otrs (YAY!) and one big request is in regards to Cross Site Scripting. We need to limit which attachment types can be attached to a ticket. Barring that we could just turn off the ability to attach files.
I have looked over the documentation and haven¹t found a way to do this yet. Does anyone know an easy way to turn off .exe, .vb, etc file types from being attached? If this doesn¹t exist any advice on disabling attachments would be appreciated. -- Julian Cook Securities and Exchange Commission --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
-- Julian Cook Securities and Exchange Commission Operations Center DMZ Ops x18186
Hi Julian, On Aug 6, 2009, at 15:39 , Cook, Julian wrote:
Yes, the two options we have are.... 1. Disabling certain file types (exe, vbs.etc) 2. if 1. Is not possible, then disabling the ability to attach completely files to "Phone Ticket" and "Email ticket" options.
In OTRS standard there is currently no possibility to configure this. But it would be possible to extend the code to do so. There is one file which is responsible for file uploading -=> Kernel/System/Web/Request.pm -> GetUploadAll() If you want remove/strip certain file types (exe, vbs.etc) from incoming emails, you could create an postmaster pre filter which removed this kind of file types before the emails gets processed. I hope this info will help you. :)
We might implement the public face of OTRS later (keeping with the government's reputation at moving glacially :-), for right now we're using it for internal ticketing.
Sounds very interesting. :)
Many thanks! Julian
-Martin
participants (2)
-
Cook, Julian -
Martin Edenhofer