Hacker News new | past | comments | ask | show | jobs | submit login

We enforce both the filetype and size limits on the server side.

We have some hostname verification and we also also adding in secret keys to sign requests so we can be even more sure.

We also have some checks that look for abnormal upload patterns that have found a couple oddities and will get better with time.




But where can I specify filetype and size limits in my control panel? There's nothing stopping abusers from changing those parameters on the client.


That's a good idea. We had been working under the assumption that you would want to change limits often, but I can see how a per-apikey cap would prevent gross abuse.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: