Ability to upload a file as a part of subscriber option

Idea ID 1670871

Ability to upload a file as a part of subscriber option

Details

The application includes functionality to upload files for new request but it's not possible to upload files from existing subscription.

Scenario

User have a java application and he wants to upload a JAR file to be deployed on his application

Workaround

1- User switch to another computer with administrator privileges
2- User transfers the new file using FTP
3- User manually deploy this new application

Unacceptable for the user. This kind of operation must be done directly using MPP Portal

EXPECTED BEHAVIOR:

Required

- Ability to add new attachment field on the CSA design. Designer can set the maximum file size.
- Ability to upload file based on the design.
- Ability to manage the files with HP OO

- Business justification, why this should be implemented :

• We have to put files on his subscription (for example to justify his needs, to put the technical documentations of his application…)
• For a PAAS point of view, customer wants to upload his application using the portal
• To permit user to receive his credential by email, he must send a file.

Tags (1)
3 Comments
Account_Closed
Not applicable
 
Cadet 3rd Class
Cadet 3rd Class

My response is specific to the  requirement 'User have a java application and he wants to upload a JAR file to be deployed on his application'

Allowing upload of files that are executables , such as jar files, without proper scanning of its content and validation of its functionality  is a security issue with a high security impact to the system. How is the customer planning to ensure that the exectuables won't have any malicious content ior malicious functionality in it even in a workaround scenario?

Thanks

Santosh

 

Vice Admiral
Vice Admiral

the jar is just an example. but it is not the biggest issue to download the file to a Windows RAS and scan. prefereably it would be already scaned at upload time by CSA. but there are dozents of other examples. e.g. Certificates for websites etc.

so dont make the decission on the Enhancenment based on the JAR

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.