Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
ynt
Regular Visitor

Prevent end-user from uploading malicious file types

‎10-17-2018 06:25 PM

We recently performed penetration testing and found several vulnerabilities including the issue with unrestricted file upload that pose significant risk.

 

Is there a configuration in Power BI Report Server to use a whitelist method to prevent end-user from uploading malicious file type like .exe, .py, etc.?

 

Thanks.

 

Message 1 of 7
2,439 Views
0
6 REPLIES 6
Jon-Heide
Microsoft Employee
Microsoft Employee

‎10-22-2018 02:23 PM

Yes, this is whitelisted under the TrustedFileFormat property, editable through SQL Management Studio when you connect to the PBIRS instance.  

Message 2 of 7
2,402 Views
ynt
Regular Visitor
In response to Jon-Heide

‎10-23-2018 09:49 AM
@Jon-Heide wrote:

Yes, this is whitelisted under the TrustedFileFormat property, editable through SQL Management Studio when you connect to the PBIRS instance.  


This setting does not prevent user from downloading/uploading malicious file types

 

https://docs.microsoft.com/en-us/sql/reporting-services/tools/server-properties-advanced-page-report...

 

TrustedFileFormat Set all the external file formats that open within the browser under the Reporting Services portal site. External file formats not listed prompts to download the option in the browser. The default values are jpg, jpeg, jpe, wav, bmp, pdf, img, gif, json, mp4, web, png.

Message 7 of 7
2,386 Views
0
Jon-Heide
Microsoft Employee
Microsoft Employee
In response to Jon-Heide

‎10-22-2018 02:26 PM

You can also use server permissions to disallow users from uploading content in general. 

Message 3 of 7
2,400 Views
0
ynt
Regular Visitor
In response to Jon-Heide

‎10-23-2018 09:50 AM

@Jon-Heide 

@Jon-Heide wrote:

You can also use server permissions to disallow users from uploading content in general. 


Can you please point me to this particular setting?

Message 4 of 7
2,385 Views
0
ynt
Regular Visitor
In response to Jon-Heide

‎10-23-2018 03:07 PM
@Jon-Heide wrote:

https://docs.microsoft.com/en-us/sql/reporting-services/security/granting-permissions-on-a-native-mo...

For our use case, we can't disable the upload feature. We need to be able to whitelist certain file types that can be uploaded to PBI Report Server.

Message 6 of 7
2,371 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All