B8. Need file uploads
What this page helps you do
Account for the extra risk that comes with user-uploaded files.
Why it matters
Uploads affect storage, validation, abuse protection, and backups.
You should already have
- one or more upload flows
Skip this page if
- the app has no file uploads
What to do
- validate file type and size
- know where uploaded files live
- know whether uploads are backed up
Recommended default
Keep the first upload flow small and restricted.
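One way to apply these checks, as an added example rather than code from this guide: a small Python validator that enforces a size cap, accepts only an allow-list of types identified by their leading bytes, and stores each file under a server-generated name inside one upload directory. The 2 MiB limit, the three accepted types, and all function names are assumptions chosen for illustration.

```python
import secrets
from pathlib import Path

MAX_BYTES = 2 * 1024 * 1024  # assumed limit for a first, restricted upload flow

# Allow-list keyed by leading "magic" bytes; anything else is rejected.
ALLOWED = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"%PDF-": ".pdf",
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def sniff_extension(data: bytes) -> str:
    """Pick the extension from the content, not from the client's file name."""
    for magic, ext in ALLOWED.items():
        if data.startswith(magic):
            return ext
    raise UploadRejected("file type not on the allow-list")


def validate_upload(data: bytes, client_name: str, max_bytes: int = MAX_BYTES) -> str:
    """Return a safe stored name, or raise UploadRejected."""
    if not data:
        raise UploadRejected("empty file")
    if len(data) > max_bytes:
        raise UploadRejected("file too large")
    ext = sniff_extension(data)
    # client_name is deliberately unused for storage: keep it only as
    # display metadata, never as part of a path on disk.
    return secrets.token_hex(16) + ext


def storage_path(upload_dir: Path, stored_name: str) -> Path:
    """Resolve the final path and refuse anything outside upload_dir."""
    root = upload_dir.resolve()
    target = (root / stored_name).resolve()
    if target.parent != root:
        raise UploadRejected("path escapes the upload directory")
    return target
```

In a real handler, also cap the request body size at the web server or framework level so oversized uploads are cut off before they are fully read into memory.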
Common mistakes
- storing uploads in the wrong place
- not limiting file size
- forgetting backup coverage
Next step
Go to C3. Validate user input.
Related pages
Advanced notes
TODO for contributors: add plain-English notes on temporary files, object storage, and cleanup jobs.