I have the Citizen Service Request app (10.1) up and running. Something that concerns me with this application is the file-upload feature. its meant to be used to upload photos or supporting docs, but I don't want any malicious files being uploaded to our server or database. I see that there is a file size exception, but I've been combing through the application files, and haven't been able to find any kind of file extension handling or anything like that. This leads me to believe that any type of file could be uploaded through this application. I've tested this out with a few scripts and other files, and haven't encountered any blocks with uploading these.
I'm just curious if anyone has any thoughts or suggestions about this. I would like to disable the functionality, also for the reason that I don't want the database getting clogged up with multiple image files.
