Sitecore's media upload facility does not validate the extension or MIME type of the file being uploaded. This would enable an adversary to upload a malicious file to the web server and attempt to execute it. To restrict this, Sitecore provides the Upload Filter tool, which allows us to restrict certain extensions. You can download it from https://goo.gl/DxnwBk. However, is restricting extensions alone enough? An adversary can rename an EXE file to JPG and upload it, and the file is still malicious. This recipe explains how we can restrict the file from being uploaded by checking its extension, MIME type, and magic number.
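The three checks named above, as an added example that is not code from the book or from Sitecore. It is plain .NET and does not use the Sitecore upload pipeline API; the class name `UploadValidator`, the method `IsAllowed`, and the allow-list contents are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Added example in plain .NET (C# 7+); UploadValidator and IsAllowed are hypothetical names.
public static class UploadValidator
{
    // Allow-list: extension -> expected MIME type and leading magic bytes.
    private static readonly Dictionary<string, (string Mime, byte[] Magic)> Allowed =
        new Dictionary<string, (string Mime, byte[] Magic)>(StringComparer.OrdinalIgnoreCase)
        {
            [".jpg"] = ("image/jpeg", new byte[] { 0xFF, 0xD8, 0xFF }),
            [".png"] = ("image/png", new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A }),
            [".gif"] = ("image/gif", new byte[] { 0x47, 0x49, 0x46, 0x38 }),
            [".pdf"] = ("application/pdf", new byte[] { 0x25, 0x50, 0x44, 0x46 }),
        };

    public static bool IsAllowed(string fileName, string declaredMime, Stream content, out string reason)
    {
        // 1. Extension must be on the allow-list (deny by default).
        if (!Allowed.TryGetValue(Path.GetExtension(fileName ?? string.Empty), out var rule))
        { reason = "extension not on allow-list"; return false; }
        // 2. Client-declared MIME type must agree with the extension (it is attacker-controlled).
        if (!string.Equals(declaredMime, rule.Mime, StringComparison.OrdinalIgnoreCase))
        { reason = "declared MIME type does not match extension"; return false; }
        // 3. The first bytes of the content must carry the magic number for that type.
        long start = content.CanSeek ? content.Position : 0;
        var header = new byte[rule.Magic.Length];
        int read = 0, n;
        while (read < header.Length && (n = content.Read(header, read, header.Length - read)) > 0)
            read += n;
        if (content.CanSeek) content.Position = start; // rewind so the caller can still save the file
        if (read < header.Length || !header.SequenceEqual(rule.Magic))
        { reason = "magic number does not match extension"; return false; }
        reason = "ok";
        return true;
    }

    public static void Main()
    {
        // Constructed samples: an "MZ" executable header renamed to .jpg, and a JPEG header.
        byte[] renamedExe = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00 };
        byte[] jpeg = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10 };
        bool a = IsAllowed("photo.jpg", "image/jpeg", new MemoryStream(renamedExe), out string why);
        Console.WriteLine($"renamed EXE: {a} ({why})");
        bool b = IsAllowed("photo.jpg", "image/jpeg", new MemoryStream(jpeg), out why);
        Console.WriteLine($"real JPEG: {b} ({why})");
    }
}
```

A matching header only shows that the content starts like the claimed type, so the check is one layer alongside the extension and MIME type restrictions rather than proof that a file is harmless.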
Sitecore Cookbook for Developers
Overview of this book
This book will get you started on building rich websites, and customizing user interfaces by creating content management applications quickly. It will give you an insight into web designs and how to customize the Sitecore architecture as per your website's requirements using best practices.
It is packed with over 70 recipes to help you solve real-world common tasks, requirements, and the problems of content management, content delivery, and publishing instance environments. It also presents recipes on Sitecore’s backend processes of customizing pipelines, creating custom event handlers and media handlers, setting hooks and more. Other topics covered include creating a workflow action, publishing sublayouts and media files, securing your environment by customizing user profiles and access rights, boosting search capabilities, optimising performance, scalability and high-availability of Sitecore instances and much more.
By the end of this book, you will be able to add virtually limitless features to your websites by developing and deploying Sitecore efficiently.
Table of Contents (20 chapters)
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Basic Presentation Components
Extending Presentation Components
Customizing the User Interface Framework
Leveraging the Sitecore Backend
Making Content Management More Efficient
Working with Media
Workflow and Publishing
Security
Sitecore Search
Experience Personalization and Analytics Using xDB
Securing, Scaling, Optimizing, and Troubleshooting
Getting Started with Sitecore
Tools and Resources for Sitecore Developers
Index