Use the glide.security.strict.user_image_upload property to enable Access Control for the upload/update of a profile picture when performed on a user record.

This setting opens the possibility of an unauthorized user uploading an image to another user's profile.

  • When you set this property to true, the table ACLs are enforced when uploading photos, only allowing authorized users to upload an image.
  • When you set it to false, ACLs are not enforced on image uploads to the Photo field.

More information

AttributeDescription
Property name glide.security.strict.user_image_upload
Configuration type System Properties (/sys_properties_list.do)
Category Access control
Purpose To restrict uploading of user image only to authorized users.
Recommended value true
Security risk rating 3.7
Functional impact No functionality impact as authorized users are still able to upload images to their user profile.
Security risk (Low) When you set this property to false, an authenticated user could upload an image to another user's account without authorization.

To learn more about adding or creating a system property, see Add a system property.