Hi,
One of our APEX applications went through penetration testing from our IT Security department. I placed validations that check the mime-type from APEX_APPLICATION_TEMP_FILES to see if it is supported (pdf, png, jpg) per business requirements. For some reason, they are able to bypass this validation using some tool. I then added a validation on the Process before the file is uploaded in the actual table. Unfortunately they were still able to trick the process by uploading a supported file type but then modified its content using their tool and changed it to a PowerShell script. Mime-type remained image/jpg but the content was changed.
Does APEX provide a facility to check the file content making sure it is according to its mime-type?
Appreciate any feedback.
Regards,
Allen
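
A content check of the kind asked about, as an added example that is not part of the original post and not an APEX built-in: it compares the leading bytes of the uploaded BLOB with the PDF, PNG and JPEG signatures and with the declared mime-type. The function names `detect_file_type` and `validate_upload` are hypothetical, and a signature match only inspects the first bytes of the file, so it does not show that the rest of the content is well-formed.

```sql
-- Added example; detect_file_type and validate_upload are hypothetical names.
-- Returns the type implied by the file signature, or NULL if none of the
-- allowed signatures (PNG, JPEG, PDF) matches.
create or replace function detect_file_type (p_content in blob)
    return varchar2
is
    l_head varchar2(16);
begin
    if p_content is null or dbms_lob.getlength(p_content) < 8 then
        return null;
    end if;
    -- Leading 8 bytes as 16 hex characters
    l_head := rawtohex(dbms_lob.substr(p_content, 8, 1));
    return case
               when l_head = '89504E470D0A1A0A' then 'image/png'
               when l_head like 'FFD8FF%'       then 'image/jpeg'
               when l_head like '255044462D%'   then 'application/pdf' -- "%PDF-"
           end;
end detect_file_type;
/

-- Returns an error text, or NULL when the stored content matches its
-- declared mime-type. p_name is the NAME value of the temp file row,
-- which is what a File Browse item holds after submit.
create or replace function validate_upload (p_name in varchar2)
    return varchar2
is
    l_detected varchar2(30);
    l_declared varchar2(255);
begin
    for f in (select mime_type, blob_content
                from apex_application_temp_files
               where name = p_name)
    loop
        l_detected := detect_file_type(f.blob_content);
        l_declared := lower(f.mime_type);
        -- Treat common JPEG aliases as one type
        if l_declared in ('image/jpg', 'image/pjpeg') then
            l_declared := 'image/jpeg';
        end if;
        if l_detected is null then
            return 'File content is not a PDF, PNG or JPEG.';
        elsif l_declared is null or l_detected <> l_declared then
            return 'File content does not match its declared type.';
        end if;
    end loop;
    return null;
end validate_upload;
/
```

A validation that returns error text can call `validate_upload(:P1_FILE)`, where `P1_FILE` is an assumed item name; the same call belongs in the process that copies the row into the permanent table.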