a0abb99f76
This PR also removes the java folder because it is not implemented and has no implementation plan. This PR was made spontaneously during Daniel's onboarding. --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
17 lines
788 B
Plaintext
17 lines
788 B
Plaintext
==== Use pre-approved folders
|
|
|
|
Create a special folder where untrusted data should be stored. This folder
|
|
should be classified as untrusted and have the following characteristics:
|
|
|
|
* It should have specific read and write permissions that belong to the right people or organizations.
|
|
* It should have a size limit or its size should be monitored.
|
|
* It should contain backup copies if it contains data that belongs to users.
|
|
|
|
This folder should not be located in `/tmp`, `/var/tmp` or in the Windows
|
|
directory `%TEMP%`. +
|
|
These folders are usually "world-writable", can be manipulated, and can be
|
|
accidentally deleted by the system.
|
|
|
|
Also, the original file names and extensions should be changed to controlled
|
|
strings to prevent unwanted code from being executed based on the file names.
|