nathancolgate / s3-swf-upload-plugin

A Rails 3 gem which allows users to upload files to S3 directly through embedded Flash. All UI has been moved out of Flex and can be controlled by CSS and JavaScript callbacks.
http://www.nathancolgate.com
MIT License
318 stars 74 forks

Enforce Maximum File Size through Policy File. #74

Closed jkillian closed 12 years ago

jkillian commented 12 years ago

While maximum file size can be set via JS, there's also an unused field in the yml configuration. This field should be utilized and added to the policy file, as the client-side check could be avoided by a malicious user.

Relevant: http://docs.amazonwebservices.com/AmazonS3/latest/dev/HTTPPOSTForms.html#PolicyConditions

jkillian commented 12 years ago

Alright, think this should be fixed now.
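
The server-side limit requested in this issue, as an added example that is not part of the original thread and not the gem's own code: it puts a `content-length-range` condition into the S3 POST policy so S3 rejects oversized uploads even when the client-side check is bypassed. The `max_file_size` key name, the sample config, the secret key and the legacy HMAC-SHA1 signing scheme are assumptions made for the example.

```ruby
require 'base64'
require 'json'
require 'openssl'
require 'time'
require 'yaml'

# Constructed sample config; `max_file_size` is a hypothetical key name.
SAMPLE_YML = <<~YML
  bucket: example-bucket
  max_file_size: 5242880
YML

# Build a POST policy whose content-length-range condition makes S3 itself
# reject oversized bodies, whatever the browser-side check allowed.
def build_policy(config, key_prefix:, expires_at:)
  max_bytes = Integer(config.fetch('max_file_size')) # fail closed if unset
  {
    'expiration' => expires_at.utc.iso8601,
    'conditions' => [
      { 'bucket' => config.fetch('bucket') },
      ['starts-with', '$key', key_prefix],
      ['content-length-range', 0, max_bytes]
    ]
  }
end

# Base64-encode the policy and sign it. Assumption: the legacy HMAC-SHA1
# POST signature; the issue does not say which scheme the gem uses.
def encode_and_sign(policy, secret_key)
  encoded = Base64.strict_encode64(JSON.generate(policy))
  digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), secret_key, encoded)
  [encoded, Base64.strict_encode64(digest)]
end

# Guard to run before handing a policy to a client: returns the enforced
# upper bound, or raises if the policy carries no size condition at all.
def max_upload_bytes(encoded_policy)
  policy = JSON.parse(Base64.strict_decode64(encoded_policy))
  cond = policy.fetch('conditions').find do |c|
    c.is_a?(Array) && c[0] == 'content-length-range'
  end
  raise ArgumentError, 'policy has no content-length-range condition' unless cond
  Integer(cond[2])
end

config = YAML.safe_load(SAMPLE_YML)
policy = build_policy(config, key_prefix: 'uploads/', expires_at: Time.utc(2030, 1, 1))
encoded, signature = encode_and_sign(policy, 'constructed-secret-key')
puts "policy=#{encoded}", "signature=#{signature}", "limit=#{max_upload_bytes(encoded)}"
```

Because the condition is part of the signed policy, a client that edits the limit invalidates the signature, and a policy generated without the condition fails the guard before it is issued.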