Topics:

Training

The current media files that are allowed on the DX Platform Media Library are currently:

Media Library Images

  • PNG
  • JPG

For Media Library Documents

  •  KML
  • KMX
  • PPS
  • PPSX
  • TXT
  • PDF
  • CSV
  • PPT
  • DOC 

Allowed URL Embed Through the Media Library:

  • ArcGIS embed a map or app inside a Basic page
  • Google Calendar
  • Flickr
  • My Maps Google
  • Power BI embed a visualization inside a Basic Page
  • Qualtrics embed a survey or form on a Basic Page
  • Tableau embed a visualization (private and public servers) inside a Basic page
  • Data and Insights (Tyler Technologies, formerly known as Socrata) embed a visualization inside a Basic page
  •  Remote video

Media Files Not Allowed:

 
This is the current list of Media Files that are Not Allowed on The DX Platform:
File TypeFile DescriptionReasons Why
.asmxASP.net service file. Contains code specifying an asp.net web service directive. .asmx files will only run on ASP.NET servers so they will not be able to execute on a PHP server. Storing these files on a PHP server should not be a problem however, the security concerns with this are that the files might contain sensitive information.

In general it is not recommended to allow users to upload files containing executable code.
.xamlxVisual Studio Workflow Service File. It's a developer file used by Visual Studio. .xamlx files, being XML-based, could contain external entities. When the XML parser encounters these entities, it attempts to resolve them, which may involve accessing external resources, such as files on the server or URLs.

It is not recommend to allow this file type to be uploaded.
.xomlWindows Workflow File (Visual Studio). Contains XAML markup..xoml files, being XML-based, could contain external entities. When the XML parser encounters these entities, it attempts to resolve them, which may involve accessing external resources, such as files on the server or URLs.

It is not recommend to allow this file type to be uploaded.
.ashxASP.NET Web Handler File. An ASHX file is a webpage that is part of an ASP.NET web server application..ashx files will only run on ASP.NET servers so they will not be able to execute on a PHP server. Storing these files on a PHP server should not be a problem however, the security concerns with this are that the files might contain sensitive information or code.

In general it is not recommended to allow users to upload files containing executable code.
.htmlHypertext Markup Language File. Contains html code..html files can contain embedded JavaScript code. If these files are uploaded and then accessed via a web browser, it poses a security risk. Uploaded .html files might be used to inject HTML content into the site. This could alter the appearance of the site, inject harmful links, or disrupt the user experience. 

It is not recommend to allow users to upload html files.
.stmIn ASP.NET, .stm files can be used for custom server-side processing, often related to web forms. They might be used to handle requests and generate dynamic responses based on the server-side logic..stm files will only run on ASP.NET servers so they will not be able to execute on a PHP server. Storing these files on a PHP server should not be a problem however, the security concerns with this are that the files might contain sensitive information or code that could expose any vulnerabilities.

In general it is not recommended to allow users to upload files containing executable code.
.svcWCF Web Service File. Text file that contains information about a Windows Communication Foundation (WCF) service that can be run using Microsoft Internet Information Services (IIS); includes a WCF-specific processing directive that activates hosted services in response to incoming messages..svc files contain code that can be executed in a .NET environment. 

In general it is not recommended to allow users to upload files containing executable code.
.remThe .rem file format is not a widely recognized across common software and operating systems. It might be associated with specific proprietary software or custom applications. Allowing editors to upload .rem files can introduce security risks as it is unclear what the contents of these files are. One usage of this file type is storing encrypted files or data for BlackBerry devices. However, their usage can extend beyond that depending on the application or context.
.soapA .soap file typically contains a SOAP (Simple Object Access Protocol) message. SOAP is a protocol used for exchanging structured information in the implementation of web services..soap files are often used to contain XML data for web service requests or responses. Being XML-based the file could contain external entities. When the XML parser encounters these entities, it attempts to resolve them, which may involve accessing external resources, such as files on the server or URLs.

It is not recommend to allow this file type to be uploaded.
.aspxActive Server Page Extended Webpage. An ASPX file is a webpage written in the Active Server Page Extended (ASPX) format. Web servers running Microsoft's ASP.NET framework use ASPX files to generate dynamic webpages..aspx files will only run on ASP.NET servers so they will not be able to execute on a PHP server. Storing these files on a PHP server should not be a problem however, the security concerns with this are that the files might contain sensitive information or code.

In general it is not recommended to allow users to upload files containing executable code.
.dgnA DGN file is a 2D or 3D technical drawing, created by Bentley Systems MicroStation or another CAD program. It likely contains a drawing of a construction project.If uploading and sharing .dgn files is essential then the following needs to be considered:

- .dgn files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.rsc.rsc files are used to store various resources needed by CAD projects. These can include custom fonts, symbols, line styles, or other elements that are used repeatedly across different design files.If uploading and sharing .rsc files is essential then the following needs to be considered:

- .rsc files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.ttfA TTF file is a font that can be installed in macOS, Windows, and other platforms.- Uploading and distributing .ttf files can lead to unintentional font piracy, especially if the fonts are copyrighted.
- If .ttf files are used in conjunction with specific branding or proprietary design elements, unauthorized access to these files could expose sensitive information.

As .ttf files are not executable the security concerns with allowing them to be uploaded are minimal.
.tbl.tbl files are similar to excel spreadsheet files or csv files.If a .tbl file is designed to store data that might be processed by a database or application, there’s a risk that it could be crafted to include malicious SQL commands, scripts, or code that could be executed when the file is processed.
.pltcfg.pltcfg files are configuration files used in CAD software to define plotting and printing settings. These configuration files are XML based.
Being XML-based the file could contain external entities. When the XML parser encounters these entities, it attempts to resolve them, which may involve accessing external resources, such as files on the server or URLs.

It is not recommend to allow this file type to be uploaded.
.dgnlibA .dgnlib file is a type of file used in CAD (Computer-Aided Design) software, specifically within Bentley Systems' MicroStation and related products. These files, known as "Design Libraries," are used to store resources that can be used across multiple design files.If uploading and sharing .dgnlib files is essential then the following needs to be considered:

- .dgnlib files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.cela .cel file is a cell library file used in CAD (Computer-Aided Design) software. A .cel file in MicroStation contains a library of cells, which are reusable, pre-drawn graphics or symbols that can be inserted into design files.If uploading and sharing .cel files is essential then the following needs to be considered:

- ..cel files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.msiAn .msi file is a package file format used by Windows Installer, a service in Windows operating systems that is used for the installation, maintenance, and removal of software. Allowing .msi file uploads carries significant security risks as they contain executable code and scripts.
.xmcdA .xmcd file is a document file format used by PTC Mathcad to store mathematical calculations, annotations, and graphical representations.Since .xmcd files can contain various types of data and metadata, there’s a risk they could be crafted to include malicious content or scripts. If the associated software does not properly validate or sanitize file content, this could lead to code execution or system compromise.
.dgnA .dgn file is a vector graphics file format used for creating, storing, and managing CAD drawings.If uploading and sharing .dgn files is essential then the following needs to be considered:

- .dgn files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.rsc.rsc files are generally used to store reusable resources that support the main content or functionality of the software. In Bentley MicroStation, it stores CAD resources like line styles and fonts. In Windows application development, it defines graphical and interface elements. Other applications may use .rsc files for storing game assets, configurationsIf uploading and sharing .rsc files is essential then the following needs to be considered:

- .rsc files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.kmzA compressed file format used for geographic data on Google Earth and other GIS (Geographic Information System) applications.A .kmz file is essentially a ZIP archive containing one or more .kml files along with associated assets like images or icons. Users can unzip a .kmz file to view and access its contents.

We do not allow a “.zip” uploaded file, because this file could feasibly be uploaded and then unzipped onto a state owned host.
.zdatThe .zdat file format is not a widely recognized across common software and operating systems. It might be associated with specific proprietary software or custom applications. .zdat files do not adhere to a universal standard and can vary greatly depending on the software that generates them. They might contain binary data, compressed archives, or encrypted information.

As the contents can vary, we would not recommend this as an allowable upload format.
.zcfgThe .zcfg file format is not a widely recognized across common software and operating systems. It might be associated with specific proprietary software or custom applications. Different programs may use files with the ZCFG file extension for different purposes.zcfg files do not adhere to a universal standard and can vary greatly depending on the software that generates them. They might contain binary data, compressed archives, or encrypted information.

As the contents can vary, we would not recommend this as an allowable upload format.
.dbfThe .dbf file extension is commonly associated with database files, particularly those used by the dBASE database management system. However, the .dbf format is also utilized by other database software, including FoxPro, Clipper, and various xBase programming languages.While .dbf files are not typically executable, if uploading and sharing .dbf files is essential then the following needs to be considered:

- .dbf files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
.prjThe .prj file extension is a generic project file extension, which means that it may be used by multiple programs to save project informationprj files do not adhere to a universal standard and can vary greatly depending on the software that generates them. They might contain binary data, compressed archives, or encrypted information. As the contents can vary, we would not recommend this as an allowable upload format.
.sbxA .sbx file extension is associated with several different applications such as: Substance Designer (Adobe), Office Accounting Software (Microsoft), SketchBook Pro (Autodesk), Sequence Buffer Exchange (SBX), Outlook Express (Microsoft).If uploading and sharing .sbx files is essential then the following needs to be considered:

- .sbx files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
.sbnThe .sbn file extension is associated with files related to geographic information systems (GIS), specifically with Esri's ArcGIS software.If uploading and sharing .sbn files is essential then the following needs to be considered:

- .sbn files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
- The binary format of .sbn files complicates the process of scanning them for malicious content. 
.shpThe .shp file extension is associated with shapefiles, used in Geographic Information Systems (GIS). A shapefile is a vector data format used to represent geographic features such as points, lines, and polygons.If uploading and sharing .shp files is essential then the following needs to be considered:

- .shp files can potentially contain embedded scripts or macros that might execute with undesired effects when downloaded and opened.
- Often the file sizes of these files are large and complex, requiring significant computational resources to process or render.
- The binary format of .sbn files complicates the process of scanning them for malicious content. 
.tifThe .tif or .tiff file extension stands for Tagged Image File Format (TIFF), used format for storing raster graphics or bitmap images. - .tif files with complex structures, such as multiple layers or deeply nested metadata.
- Due to their high quality and lack of compression, .tif files can be very large. 
- .tif files can be manipulated to contain malicious payloads that exploit vulnerabilities in image processing software.
- .tif files are stored in a binary format, making them difficult to inspect manually for potential security threats.

It is not recommended to allow uploads of this file type.
.jsonA JSON file is a file that stores simple data structures and objects in JavaScript Object Notation (JSON) format, which is a standard data interchange formatIf the JSON data is parsed or executed dynamically, it could lead to code execution on the server or client side depending on where the JSON is processed. 
It is not recommended to allow uploads of this file type.
 
.mp4An MP4 file stores a video in the widely used MPEG-4 Part 14 (MP4) multimedia container format. It typically contains video and audio data (and related metadata) but may also store subtitles and still images..mp4 files are a widly used format for distributing videos and are not executable. The security concerns with allowing them to be uploaded are minimal.
.webm.webm files typically contain video compressed with the VP8 or VP9 video codecs and audio compressed with the Vorbis or Opus audio codecs..webm is a popular video file format used primarily for web-based streaming and media delivery. The security concerns with allowing them to be uploaded are minimal.
.ogvAn .ogv file is a video file format used for storing video streams that are typically encoded using the Theora codec, with audio streams encoded using the Vorbis codec.ogv files are a widely supported format primarily used for streaming and media delivery. The security concerns with allowing them to be uploaded are minimal.
.exportA .export file extension typically refers to a file that contains data exported from a specific application. The content of a .export file can range from plain text (like CSV, JSON, or XML) to binary data, depending on what the application exports.- .export files typically contain data exported from an application or system. This data could include user settings, logs, configurations, or other types of structured information.
- .export files often contain sensitive data, such as configuration settings, user data, or logs. They could inadvertently leak sensitive information, such as database credentials, API keys, or user personal data, leading to significant security breaches.
- As the contents can vary and contain xml or json files, it is not recommended to allow this file type to be uploaded.
.docm.docm files are Microsoft Word documents that support macros. These macros are written in Visual Basic for Applications (VBA).A .docm file is made up of various XML files, binary data, and the VBA macro code. This combination of content and executable code makes it a potential security risk. It is not recommended to allow uploads of this file type.
.xlsm.xlsm files are Microsoft Excel files that support the use of macros.A .xlsm file is made up of various XML files, binary data, and the VBA macro code. This combination of content and executable code makes it a potential security risk. It is not recommended to allow uploads of this file type.
.vsto.vsto files are used to deploy and manage Visual Studio Tools for Office add-ins. These add-ins can automate tasks, integrate with other systems, and add custom features to Microsoft Office applications..vsto files containe executable code and is not recommended as an allowable upload file type.
.rcp.rcp files store 3D point cloud data, which represents the coordinates of a large number of points on the surface of an object. This data is used to create detailed 3D models..rcp files are not executable and can be considered as an allowable upload format. The concerns are:

- .rcp files can be large in size.
- .rcp files might contain or reference sensitive project data, such as proprietary designs, geolocation information, or client-specific details.
 
.xlam.xlam files are used to create Excel Add-Ins, which are extensions that can add custom functions, automate tasks, and provide additional features within Microsoft Excel.This file type is not recommended as an allowable upload as they contain executable macros.