File-Type Upload Control

In FintechOS, you can control what types of files users can upload into the system.

This feature is particularly useful in preventing users from uploading wrong file types, thus saving time from investigating what went wrong and having to resubmit the files.

Enable the file-type upload control

By default, the file-type upload control is disabled. To enable it, on the server where the FintechOS installation package resides, go to the web.config file, open it and add the following setting:

<appSettings>
    ....
    <add key="feature.upload.filetype-check" value="true" />
</appSettings>

File-Type Upload Processing

Once the File-Type Upload control is enabled, upon file uploads using client scripts (using the ebs.upload function) or server automation scripts (using the uploadFile function), the system verifies the uploaded content against the file extension. The system will try to match the uploaded content (the bytes) with the provided file extension based on a list of files signatures.

Files signatures are available for the following file types: pdf, docx, xlsx, pptx, odt, ods, jpg/jpeg, doc, xls, ppt, rtf, xml, png, gif, bmp.

No match, the file is uploaded

If the matching process does not find any match between the file content and the available file signatures then the upload is allowed.

Match, but the signature’s extension is not what the file says it is

if the matching process finds a match between the file extension and the available file signature, the system further checks the file internal type (that’s is, MIME type) which serves as an integrity check. If there is a mismatch between the two, that means that the internal type of the file does not correspond to what the file extension says it is and the file upload is not allowed. An error will be returned.

Executable files

By design, if the matching process identifies that the uploaded content has an EXE or DLL signature then the upload is not allowed. An error will be returned.