Restrict renaming of attachments using FileApiService
Using FileApiService, we are able to rename the attachment. This posses a challenge because an attacker can upload any malicious file, even though we have a logic to allow only certain file types to get uploaded.
For example, ABC.bat can be renamed as ABC.txt. After uploading this file, the attacker can change the name of file to ABC.bat.
We have locked the fields of attchment detail on UI, but it is not much of help if the file is renamed through FileApiService.
Any method to restrict renaming using this API would be appreciated.