Ask HN: How to best handle “unlimited” use tiers in a SaaS?

[alexpete]

Of course, "unlimited" doesn't mean "infinite". Say I have an app that lets users upload their own documents. I don't want to cap their uploads -- although perhaps, starting out, this is the best way to go -- as there is a potential upsell opportunity for each document they've uploaded (plus it would just be annoying).

What are some strategies for preventing users from abusing my database capacities? I don't want to become another Google Docs repository for everything on their harddrive. Some ideas I had were:

-enforcing a minimum time limit between uploads

-capping them at a certain amount until I can do a manual admin override

-making the user "unlock" more uploads by performing other actions on the site (thus sort of implicitly verifying that they're a real user)

[eberkund]

What about having a maximum file size? If you are a site for documents, user's probably don't have any reason to upload a 3 GB file.

[alexpete]

Yep, I'll be enforcing a max file size (it's only for text-based documents). I guess my bigger concern is spam. Allowing a user to upload an "unlimited" amount of data is a DOS vector, especially since I'm the sole dev. So I'll need to do some sort of curtailing, but hopefully the kind that would be invisible to anyone using the site for its normal purpose.