Hi there,

Is there a security issue with enabling the web reporting portal in unauthenticated mode (no SSO), where external users from anywhere in the world can upload attachments?

I’m specifically concerned about the risk of someone uploading a file that contains malware. How is this normally managed in practice? do systems in Ideagen usually scan uploads, restrict file types, or isolate them before we access and possibly download them? What are the best practices for handling this kind of setup or is it always recommended to be authenticated (which means external parties cant fill the form)

Thanks,

Alex