...
| Info |
|---|
When a form is set to “Anyone” visibility, you cannot also use the File Upload field on the form. This is a security precaution. Consequently, users must sign into Microsoft 365 with a UConn account in order to upload files into your form. If “Anyone” was able to upload files into your Form, that would be a clear vector for attack and is therefore not within the built-in functionality of Forms |
| Note |
|---|
This guide will help you circumvent this security precaution and therefore must be followed at your own risk. After completing this guide any actor or computer on the planet will be able to place files into your OneDrive/SharePoint folder. This is an obvious vector for attack and is therefore not within the functionality of Forms. There will be security precautions listed below. Please read and follow this guide carefully. |
...
Visit s.uconn.edu/onedrive or s.uconn.edu/sharepoint and find the location you would like to hold these user-submitted files.
Create a new folder and give it an appropriate name. Example, “questionnaire public file upload”.
Be sure to create this folder outside of your OneDrive “Documents” folder in order to follow the optional section below.Back out of the folder so that you can right-click on the folder.
Click on Request Files.
Complete the Request FIles prompt and copy the “Share link”.
Optional: Learn more about the Request Files function: Request a File in OneDrive or Request a File in SharePoint.
Optional:
...
Precaution - Disable Sync of this folder
For extra security, you may prevent your computer from synchronizing with this folder. Doing so will prevent you from opening the files locally on your computer, instead you will view them through the web browser.
...
| Tip |
|---|
The data uploaded into the folder you have created will not be linked to the Form. Be sure to check the folder frequently in order to associate the data with specific responses on the Form. |
Why can I “Request Files” using OneDrive/SharePoint and not have a public file upload option in Forms?
This guide works on the assumption that Request Files is intrinsically more secure than Forms due to the share link. Forms have very short links that allow people to share them and type them in easily; Forms are meant to be posted and shared freely. Request Files on the other hand, is computer-to-computer transaction, therefore users are less likely to need to manually type in the share link; it should have been sent to them. This allows the Request Files link to be very long and complicated.
A computer set up to scan the internet and guess the URL for Forms will have a relatively easy time compared to one trying to guess the link for Request Files. The Request Files link is very long and full of gibberish and therefore very, very hard for a computer to guess or “stumble upon” and then dump a malicious payload.
Help
Reach out to techsupport@uconn.edu with any questions about this guide or if you believe any information is missing from this page.
...