Lock down uploads and private files - shippingszn launch readiness
Uploads are any file a user can give your app: avatars, PDFs, CSVs, images, documents, audio, exports, attachments. They look harmless until one private upload becomes public, one huge file knocks over your server, or one malicious file gets served back to another user.
AI builders love to wire 'upload a file' in one prompt and skip the boring safety rails. That means public buckets, unlimited file sizes, trusting .jpg extensions, and download URLs anyone can guess. If users trust you with files, you need to prove those files stay private and bounded.
The shippingszn CLI includes automated checks for this launch-readiness control.
The Launch Fix Kit keeps scan-specific findings, file and line evidence, AI-builder punch-list tasks, and verification steps tied to the paid report.
- List every upload entry point: avatar, import, support attachment, chat file, document, CSV, admin upload, anything.
- Set hard limits: allowed file types, max file size, per-user storage quota, and max number of files per object or account.
- Validate type on the server using MIME sniffing or file magic, not just the browser's accept attribute or the filename extension.
- Store private files in a private bucket and serve them through signed, short-lived URLs after checking the current user is allowed to read that exact file.
- Try to break it: upload a huge file, a renamed .exe, an HTML file, an SVG with script, a filename with ../, and another user's file URL. All should fail safely.
Run the scanner | Unlock Launch Fix Kit
Canonical URL: https://shippingszn.com/i/file-uploads/