2 Replies Latest reply on Dec 18, 2009 12:27 AM by admin

    Security

    cjrancur

      There's a security vulnerability that can affect discussion sites that allow users to upload avatars.  Is OSIsoft doing what's needed to protect all of us from this?

       

      Here's a link to an InfoWorld article on the problem.

       

      http://www.infoworld.com/d/security-central/beware-frighteningly-bad-flash-flaw-say-researchers-254

       

      I sent a previous post, but was asked to log in again, and I don't think the post was sent.  My apology if this is a duplicate post.

        • Re: Security
          cescamilla

          Good reading. It seems like it would be easier to disable all Flash content :) as it states that it is unpatchable.

            • Re: Security
              admin

              Flash is not allowed as a user upload extension by the vCampus site. In addition, Flash is blocked by the application firewall that resides in front of the site.  These precautions are sufficient for now.  To completely mitigate this type of attack, we are evaluating moving all file storage to the cloud and to a different domain. This configuration is currently running in our test environment, and if approved, will go in with the Community Server upgrade early next year.
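
A no-Flash avatar upload rule like the one described in the reply above, enforced on the file's leading bytes as well as its extension. This is an added example, not part of the thread and not the vCampus site's code; the function name, the allow-list and the sample bytes are assumptions made for illustration.

```python
import os

# Flash (SWF) files begin with one of these three-byte signatures:
# uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")

# Hypothetical avatar allow-list: extension -> accepted leading bytes.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def check_avatar_upload(filename, data):
    """Return (accepted, reason) for an uploaded avatar.

    The extension must be on the allow-list, the content must not carry a
    Flash signature, and the content must match the claimed image type.
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in IMAGE_MAGIC:
        return False, "extension not allowed"
    if data[:3] in SWF_MAGIC:
        return False, "flash content"
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads (header bytes plus filler, not real files).
    samples = [
        ("me.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("movie.swf", b"FWS\x0a" + b"\x00" * 16),
        ("avatar.jpg", b"CWS\x0a" + b"\x00" * 16),   # Flash bytes, image name
        ("photo.gif", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for name, blob in samples:
        print(name, check_avatar_upload(name, blob))
```
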