Added Form Uploads warning (#2551)

glye · mnocon · mnocon · commit 15c5daeb9238 · 2024-11-27T15:18:11.000+01:00
* Added Form Uploads warning

* Update docs/infrastructure_and_maintenance/security/security_checklist.md

Co-authored-by: Marek Nocoń &lt;mnocon@users.noreply.github.com&gt;

---------

Co-authored-by: Marek Nocoń &lt;mnocon@users.noreply.github.com&gt;
diff --git a/docs/infrastructure_and_maintenance/security/security_checklist.md b/docs/infrastructure_and_maintenance/security/security_checklist.md
@@ -171,6 +171,7 @@ Use the following checklist to ensure the Roles and Policies are secure:
 - Is the Role of self-created new users restricted as intended?
 - Is there a clear Role separation between the organisation's internal and external users?
 - Is access to user data properly restricted, in accordance with GDPR?
+- Is access to Form Builder uploads managed properly? Files uploaded with the Form Builder are accessible to any user by default. If this doesn't suit you, restrict access to the Form Uploads folder.
 
 ### Do not use "hide" for read access restriction
 
