pqina / filepond

🌊 A flexible and fun JavaScript file upload library
https://pqina.nl/filepond
MIT License

How can I counter someone flooding the file system with temporary files? #261

Closed Cohaven closed 5 years ago

Cohaven commented 5 years ago

Summary

How can I counter someone continuously uploading files without submitting the form, effectively flooding the file system of the server with temporary files?

This article mentions caching the files instead of creating temporary files, but I'm not seeing any documentation on it in FilePond, and the examples in the article are for Ruby, not PHP.

The main way to prevent someone from spamming temporary files seems to be to set upload size limits on individual and groups of files by using one of the plugins. Another, as mentioned in this issue, is to create server-side scripts to remove files that are older than a day from the temporary file directory. Are there any other approaches you would suggest?

Environment Version
OS Windows
Device PC
Browser Google Chrome
Backend PHP

rikschennink commented 5 years ago

As far as I can read in that article, it's exactly the same as creating temporary files; it's simply called caching instead.

You'd have to check this on the server. Everything on the client can be influenced. You could, for instance, register the user IP address and allow X amount of uploads; if it exceeds a certain amount, prevent further uploads.
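
The two server-side measures raised in this thread (a per-IP upload limit, and removal of temporary files older than a day) for a PHP backend, as an added example that is not part of the thread or of FilePond. The directory, the limits and the function names are assumptions.

```php
<?php
// Added example, not FilePond code. Paths, limits and names are assumptions.
const TMP_DIR      = __DIR__ . '/tmp-uploads'; // hypothetical temp upload directory
const MAX_UPLOADS  = 20;     // "X" uploads allowed per client ...
const WINDOW_SECS  = 3600;   // ... within a sliding one-hour window
const MAX_AGE_SECS = 86400;  // unclaimed temp files are purged after a day

// Record an upload attempt for $ip; returns false once the quota is used up.
function allowUpload(string $ip, int $now): bool
{
    $dir = TMP_DIR . '/.quota';
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false; // fail closed if the counter cannot be stored
    }
    // One counter file per client; hashing keeps the IP out of the file name.
    $fh = fopen($dir . '/' . hash('sha256', $ip), 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;
    }
    $stamps = json_decode(stream_get_contents($fh) ?: '[]', true) ?: [];
    // Keep only the timestamps that still fall inside the window.
    $stamps = array_values(array_filter($stamps, fn($t) => $t > $now - WINDOW_SECS));
    $ok = count($stamps) < MAX_UPLOADS;
    if ($ok) {
        $stamps[] = $now;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($stamps));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Delete temp files that were never claimed by a form submit.
// Call from cron or a scheduled task; glob('*') skips the .quota directory.
function purgeStale(int $now): int
{
    $removed = 0;
    foreach (glob(TMP_DIR . '/*') ?: [] as $path) {
        if (is_file($path) && $now - filemtime($path) > MAX_AGE_SECS && unlink($path)) {
            $removed++;
        }
    }
    return $removed;
}
```

In the upload endpoint, call `allowUpload($_SERVER['REMOTE_ADDR'], time())` before writing the file to `TMP_DIR` and answer with HTTP 429 when it returns false. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the client address has to come from a header set by a proxy you trust.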