Salesforce Upload Attachments: Blocking Potentially Harmful Files

Wave6 Insights

Salesforce Tips and Resources


Posted by Wave6 Blog Team on Oct 16, 2015 9:30:00 AM

Security is perhaps one of the most critical aspects in the cloud world, if not the most critical one. Salesforce does not have a default way to prevent users from uploading certain types of files. This is a huge security risk, especially when your Salesforce application is publicly exposed through sites.com.

After all, the last thing you need is a harmful file uploaded in Salesforce, infecting your network and corrupting or exporting your sensitive data.

But there is no need to freak out: with Salesforce, there's always a workaround.

All you have to do is create a trigger on the Attachment object. Yes, it's true, writing a trigger on the Attachment object is possible.

How? Continue reading…

Writing a Trigger on an Attachment Object

The Attachment object is not visible from within Setup, so you will have to use the Developer Console:

[Screenshots: the Attachment object; the New Apex Trigger dialog]

You need to fire this trigger on Insert and Update events. The logic is very simple: read the file name and add an error if the file extension is of an unwanted type.

For now, in the example below, we are blocking exe and msi files:

[Screenshot: trigger code blocking exe and msi files]

This will block all attempts to upload potentially harmful files, from browsers as well as from back doors.
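The trigger described above, written out as an added example; it is not the original post's code, which was published only as an image. The trigger name `BlockHarmfulAttachments` and the error message are assumptions made for illustration.

```apex
// Added example (hypothetical trigger name); not the original post's code.
trigger BlockHarmfulAttachments on Attachment (before insert, before update) {
    // Extensions named in the post, lower-case for case-insensitive matching.
    // Hard-coded here; the post suggests moving the list into custom settings.
    Set<String> blockedExtensions = new Set<String>{ 'exe', 'msi' };

    // Before-update matters as well: a harmless upload can later be renamed.
    for (Attachment att : Trigger.new) {
        if (String.isBlank(att.Name)) {
            continue;
        }
        // Normalize: lower-case, then drop trailing dots and whitespace so
        // "Setup.EXE" and "setup.exe. " are treated like "setup.exe".
        String fileName = att.Name.toLowerCase().replaceAll('[.\\s]+$', '');

        // Only the final extension decides: "invoice.pdf.exe" -> "exe".
        // A name without any dot yields an empty string and is allowed.
        String extension = fileName.substringAfterLast('.');

        if (blockedExtensions.contains(extension)) {
            // addError on a record in a before trigger rejects the save.
            att.addError('Files of type .' + extension + ' are not allowed.');
        }
    }
}
```

The check looks only at the name of each Attachment record; it does not inspect the file's content.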

Finally, if you want to make it more efficient and easier to maintain, instead of hard-coding file types in the trigger, store them in custom settings and read them from there.

Remember, Salesforce has an enterprise-grade security infrastructure in place. What makes companies most vulnerable to risk is the users themselves, even when they do not intend to cause harm. Protecting your system using suggestions such as the one I outlined above will help both your organization and your most important assets, your users.

Please don't hesitate to reach out to us to learn more about proper Salesforce security.

Hope this helps going forward!

 

Topics: Salesforce Optimization, Salesforce Security
