The Joomla Training Cohort has been launched!

Please send any feedback or bug reports to tim@cybersalt.com (opens new link)  

Disallow Flash File and Mime Type Uploads in Joomla - ๐Ÿ›  Maintenance Monday Live Stream #045

Author: Tim Davis
Written by:
Category: Maintenance Monday
Hot!Hits: 2416Reading time: 01:34
Security Maintenance Monday
Streamed live on Jun 26, 2018 Joomla Security

Since #Joomla 3.8.8, uploading flash files (swf files) and allowing the "flash" (application/x-shockwave-flash) mime type for uploading have been removed from the default settings of new Joomla installs. Allowing these 2 things is a security concern if there is not first a proper review of their contents and programming. How to remove flash file extensions and mime type from the allowed methods of uploading is what today's #maintenancemonday is all about.

 

 
00:00:00 โ€“ Stream Start & Updates
00:02:01 โ€“ Extensions & Tools
00:02:26 โ€“ Flash Security Overview
00:03:24 โ€“ Manual Disable Flash Uploads
00:06:45 โ€“ Remove Flash MIME Types
00:08:09 โ€“ MyJoomla Automated Tools
00:09:34 โ€“ Flash Security Risks
00:10:24 โ€“ Giveaway & Resources
00:11:20 โ€“ Live Chat & Dev Talk
00:12:55 โ€“ Stream Privacy Risks
00:14:24 โ€“ Multi-Site Management
00:16:42 โ€“ Joomla Access Security
00:18:21 โ€“ Streaming & Community Growth
00:21:09 โ€“ Real-Life Discussion
00:23:16 โ€“ Future Security Topics
00:23:57 โ€“ Wrap-Up

Summary

  1. Stream Start & Updates โ€“
    Opening announcements and overview of the episodeโ€™s security focus.

  2. Extensions & Security Tools Overview โ€“
    Discussion of Joomla tools and resources used for website protection.

  3. Flash Upload Security Risks โ€“
    Explanation of why Flash uploads create serious security vulnerabilities.

  4. Manual Flash Upload Protection โ€“
    Demonstration of disabling Flash uploads and removing risky MIME types.

  5. Automated Security Tools โ€“
    Using MyJoomla and similar tools to simplify website security management.

  6. Giveaway & Community Resources โ€“
    Sharing security tools, giveaways, and helpful learning resources.

  7. Live Chat & Developer Discussion โ€“
    Community interaction and real-world developer insights.

  8. Streaming & Privacy Considerations โ€“
    Discussion of livestream risks and protecting sensitive information.

  9. Multi-Site & Access Security โ€“
    Managing security across multiple Joomla sites and strengthening access control.

  10. Future Security Topics & Wrap-Up โ€“
    Preview of upcoming security discussions and final closing remarks.

 

Please send any feedback or bug reports or queries to;

Contact Tim Davis โ–บ This email address is being protected from spambots. You need JavaScript enabled to view it.

Joomla Training Cohort โ–บ https://cybersalt.com/jtc

JTC has been launched and is now accepting members https://cybersalt.com/services/subscriptions
mySites.guru โ–บ https://mysites.guru
Backing Up Your Joomla Site with Akeeba โ–บhttps://www.youtube.com/watch?v=4Xu4o0g2-RY&t=0s
FOLLOW US ON X(TWITTER!) โ–บ https://x.com/basicjoomla
LIKE US ON FACEBOOK! โ–บ https://www.facebook.com/basicjoomla
SUBSCRIBE US ON YOUTUBE โ–บ//www.youtube.com/@Basicjoomla

#basicjoomla

#cybersalt

Monday Maintenance 045

 

Interesting blog? Like it on Facebook, Post it or share this article on other bookmarking websites.

Author: Tim Davis
Written by:
Tim Davis is the founder and owner of Cybersalt.
Log in to comment

Add comment

Submit