Add tag to warn of attachments - 2018-Jan Core #2

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • FHIR Core (FHIR)
    • STU3
    • Security
    • Security
    • Hide

      Persuasive with Mod

      placing the warning we have in Binary (http://build.fhir.org/binary.html#2.36.3.3) on Attachment.data, and Attachment.url.

      Show
      Persuasive with Mod placing the warning we have in Binary ( http://build.fhir.org/binary.html#2.36.3.3 ) on Attachment.data, and Attachment.url.
    • Kathleen Connor / Joe Lamy: 2-0-0
    • Enhancement
    • Non-substantive
    • STU3

      Existing Wording: Several FHIR resources include attachments. Attachments can either be references to content found elsewhere or included inline encoded in base64. Attachments represent security risks in a way that FHIR resources do not, since some attachments contain executable code.

      Comment:

      Could a FHIR security tag define that there is at least one executable code attachments before a resource bundle is processed, to warn a user at the beginning of a transaction?

      Summary:

      Add tag to warn of attachments

            Assignee:
            Unassigned
            Reporter:
            Brian Pech
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: