3 Replies Latest reply on Nov 30, 2020 6:28 AM by H H

    MFT Findings

    Ahmed Mahdy New Member

      Can the next applied through MFT app :

       

      1. MFT application set a maximum length for the file name, and a maximum size for the file itself
      2. File name should not be like “image.jpg.php”. Trailing space or dots in the file name should not be allowed
      3. ‘Login’ Page: The application should implement the ‘Salted SHA2 hashing technique’ of the password for login page.
      4. The application should implement 'SHA2 hashing technique' of the password for 'Change Password', 'Registration', 'Forgot Password','User Creation', 'Compulsory Change Password' and 'User Updation' pages.

       

      Thanks

        • 1. Re: MFT Findings
          H H Seasoned Veteran

          Hi Ahmed, Such questions are more apt in the B2B Data Exchange community. Most of these requests look like feature requests. Better raise a case with GCS to confirm it.

          • 2. Re: MFT Findings
            H H Seasoned Veteran

            Related to hashing of the passwords, surely MFT would be hashing the passwords with some algorithm as is the case in most enterprise apps. but whichever algorithm is being used right now in the backend, if already using SHA2 based functions, then your requirement would already be fulfilled.

            • 3. Re: MFT Findings
              H H Seasoned Veteran

              The current upload restrictions rules are :

               

              1) Allow Files with No Extension

              2) Allow Files with an Extension.

              3) And you have a file extension filter where you can give the extensions you wish should be filtered.

               

              Besides these, if you want additional upload restriction logic, it would have to go as a feature request.