cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
Sanjeev
Fluorite | Level 6 Sanjeev
Fluorite | Level 6

SAS VA - Disallowing attachments in comments

Posted 01-16-2015 04:06 PM (1032 views)

We like the comments feature but would like to remove the attachments functionality as users are able to add .exe files as attachments. This has been flagged as a security threat in our organization.

How can one keep the comments functionality but disallow attachments?

Sanjeev

0 Likes
Reply
1 REPLY 1
ted_werner_sas_com
SAS Employee ted_werner_sas_com
SAS Employee

Re: SAS VA - Disallowing attachments in comments

Posted 01-19-2015 04:58 PM (906 views)  |   In reply to Sanjeev

Hello Sanjeev,

In Visual Analytics version 7.1 SAS began blocking the upload of file types listed below when you attach a file via the comment editor in applications such as Explorer, Designer, and the Visual Analytics viewer.

".ade", ".adp", ".app", ".asp", ".bas", ".bat", ".cer", ".chm", ".cmd", ".cnt",

".com", ".cpl", ".crt", ".csh", ".der", ".exe", ".fxp", ".gadget", ".hlp",

".hpj", ".hta", ".inf", ".ins", ".isp", ".its", ".js", ".jse", ".ksh", ".lnk",

".mad", ".maf", ".mag", ".mam", ".maq", ".mar", ".mas", ".mat", ".mau", ".mav",

".maw", ".mda", ".mdb", ".mde", ".mdt", ".mdw", ".mdz", ".msc", ".msh", ".msh1",

".msh2", ".mshxml", ".msh1xml", ".msh2xml", ".msi", ".msp", ".mst", ".ops",

".osd", ".pcd", ".pif", ".plg", ".prf", ".prg", ".pst", ".reg", ".scf", ".scr",

".sct", ".shb", ".shs", ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2",

".tmp", ".url", ".vb", ".vbe", ".vbp", ".vbs", ".vsmacros", ".vsw", ".ws",

".wsc", ".wsf", ".wsh", ".xnk”

In Visual Analytics 7.1 if you upload a file with one of these extensions it will block you and give you the following Error message.

EXEupload.png

The comment and the attachment is subsequently not posted. 

SAS Visual Analytics 6.4 or older (VA 5.1, 5.2, 6.1, 6.2, and 6.3) this is not the case.  It will upload the file and a user can execute this file.  However, there is a way to restrict users at the platform level from uploading these file types. I have attached a SAS note on how an admin could set this up.

http://support.sas.com/documentation/cdl/en/bimtag/66823/HTML/default/viewer.htm#n0sep8bobgd6d9n1wm6...

You will have to follow the instructions to restrict certain file extensions.  When you do this, the application will behave as if  you have uploaded the file, but the file will not be stored anywhere on the server.  Companies might have further restrictions on file extension uploads like .zip and .rar files.  Using this SAS note even if you have SAS VA 7.1, it could aid in satisfying those administration needs of increased security. 

If you have more questions on this please feel free to respond in the thread.

Reply

SAS INNOVATE 2024

Innovate_SAS_Blue.png

Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Watch Tips for filtering data sources in SAS Visual Analytics on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Visual Analytics on G2!
Users love SAS Visual Analytics on G2
Discussion stats
  • 1 reply
  • ‎01-16-2015 04:06 PM
  • 1033 views
  • 1 like
  • 2 in conversation