Issue The site accepts file uploads without any constraints. At a minimum, the size of the upload should be constrained to a reasonable size. Recommendation Implement a subset of the recommendations in the secure coding guidelines for file uploads.
Will implement a size of 10MB. Is that ok?
Assignee: nobody → rtucker
I'm now raising a ValidationError if the user tries to upload a file larger than 10MB. Per conversation on IRC this is reasonable. File at commit is visible here: https://github.com/rtucker-mozilla/disk_key_encrypter/blob/d185dbae44bc0bc417b1ba31d00a57d2d1e619df/apps/site/forms.py#L15
This is completed as evident in the commit.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.