Avoid Insecure Attachments

Posted on May 06, 2020
By Cor Winkler Prins
In Security & Privacy, Usability

When a 4me account is created for an organization, the security settings for this account now limit the file types that its 4me users are allowed to upload as attachments or inline images.

By default, only files with the following extensions are permitted:

csv, log, txt,
bmp, gif, jpeg, jpg, mp4, pdf, png, svg,
doc, docx, ppt, pptx, xls, xlsx

The Extension whitelist field is automatically populated with these file extensions when a new 4me account is created. That saves account owners the trouble of having to think of a sensible whitelist for their organization.

Note that the extension whitelist is maintained in the ‘Security‘ section of the Settings console. Only the owner of a 4me account has access to this section.

Cor Winkler Prins

Cor is the CEO and co-founder of 4me. He started his career in the service management industry in 1996 helping to set up the global consulting organization for, what later became, HP OpenView Service Desk. As a consultant, Cor has assisted many large enterprises over the years with their global ITSM deployments. These include Procter & Gamble, Philip Morris and Roche.