Validating file uploads in Sitecore WFFM

Our Sitecore installation was in dire need of a way to lock down file uploads on forms built with the Web Forms for Marketers (WFFM) module; out of the box, it doesn’t do any checking at all, which can lead to some risky situations. I tacked on a simple whitelist attribute to the UploadFile control, and our security engineer can breathe easy. Read More →

Disable SSLv3 to avoid POODLE attack in web.py

An open source application that I contribute to uses web.py to provide a web server platform for its services alongside the other platforms available. I recently updated it to use a sane set of default ciphers and to disable the SSLv3 protocol in order to avoid the POODLE attack the Internet is currently buzzing about. Here’s an abstract example so that you can do this yourself at home. Read More →