
File Uploading without a Server - kvz
http://kvz.io/blog/2013/09/03/file-uploading-without-serverside-code/
======
kalleboo
> However with services like Disqus, and (my own startup) Transloadit, it gets
> more and more feasible to just run a flat site and have external services
> cover for not running serverside code and a database yourself.

It's funny how the more things change, the more they stay the same. I remember
in the beginning of the web, when we all used externally hosted "guestbook"
scripts and visitor counters. It seems we're back there again...

~~~
mtdewcmu
People were all supposed to have their own personal home pages by now.
Instead, we're too busy screwing around on Facebook...

------
emilv
No, there is no use case where this is feasible on the public web. Even a
small site with a strange URL and few visitors will be attacked in exactly the
way described in the blog post if they try to use this. I'm sure some bot
maintainers are already pushing for a detection of this enormous security
hole.

Do not do this.

~~~
NKCSS
There's a lot of possibilities there; the demo page returns a tmp url that will
work for a while with the data transferred, so you could use the service to
distribute files in parts of 30MB max...

~~~
emilv
Yes, _anyone_ can use your site to host any file on your server.

