You need to sign in to do that
Don't have an account?
Vasu_v
File Preview Security Risk
Hi All,
We are using custom site to upload the file and we have the feature to preview the file after uploading the file.
and our security team detected that from Burfsuite we can get the base64 image id and using that id in online we can decode to image and can see the actual image.
does anyone is there any way to prevent this issue
below is code that we are currently converting image into base64
Blob imgData = [SELECT Id, Body, ContentType, BodyLength FROM Attachment WHERE Id=:attachmentId].Body;
String base64 = EncodingUtil.base64Encode(imgData);
return base64;
We are using custom site to upload the file and we have the feature to preview the file after uploading the file.
and our security team detected that from Burfsuite we can get the base64 image id and using that id in online we can decode to image and can see the actual image.
does anyone is there any way to prevent this issue
below is code that we are currently converting image into base64
Blob imgData = [SELECT Id, Body, ContentType, BodyLength FROM Attachment WHERE Id=:attachmentId].Body;
String base64 = EncodingUtil.base64Encode(imgData);
return base64;
Can you the below help article.
https://help.salesforce.com/s/articleView?id=sf.admin_files_type_security.htm&type=5
If this helps, please mark it as best answer.
Thanks!!