---
title: Enforce File Upload Limits
impact: MEDIUM
impactDescription: prevents Denial of Service (DoS) and excessive storage usage
tags: security, upload, limits, dos
---

## Enforce File Upload Limits

Sanitize filenames, validate file types (magic bytes), and enforce strict file size limits for all user uploads.

**Incorrect (no limits):**

```ruby
class User < ApplicationRecord
  has_one_attached :avatar
end
```

**Correct (ActiveStorage validations):**

```ruby
class User < ApplicationRecord
  has_one_attached :avatar

  # Requires the active_storage_validations gem: reject missing files,
  # restrict accepted content types and cap the size of the attachment.
  validates :avatar, attached: true,
    content_type: ['image/png', 'image/jpg', 'image/jpeg'],
    size: { less_than: 5.megabytes }
end
```

**Tools:** ActiveStorage Validations gem, Brakeman
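The model validations above cover the declared type and size, but the page's first sentence also asks for magic-byte checks and filename sanitization. The following framework-independent module is an added example (not code from the page or from the active_storage_validations gem); the module name `UploadCheck`, its methods and its two-entry signature table are assumptions, and it works on any IO object (a `StringIO` here, an uploaded tempfile in practice) so it can be called from a custom validator or a controller before the blob is attached.

```ruby
# Added example: validate an upload by its leading bytes, sanitize the
# client-supplied filename and enforce a byte limit, without trusting the
# declared Content-Type or extension. Module and method names are hypothetical.
require 'stringio'

module UploadCheck
  MAX_BYTES = 5 * 1024 * 1024 # 5 MB, mirrors the page's size limit

  # Signature bytes at offset 0 => MIME type (hypothetical allowlist, PNG and JPEG only)
  MAGIC = {
    "\x89PNG\r\n\x1a\n".b => 'image/png',
    "\xFF\xD8\xFF".b      => 'image/jpeg'
  }.freeze

  # Extension that will be forced onto the stored name for each detected type
  ALLOWED_EXT = { 'image/png' => 'png', 'image/jpeg' => 'jpg' }.freeze

  # Returns the MIME type implied by the first bytes, or nil when nothing matches.
  def self.sniff(io)
    io.rewind
    head = io.read(8).to_s.b
    io.rewind
    MAGIC.each { |sig, mime| return mime if head.start_with?(sig) }
    nil
  end

  # Drops directory components, the client-supplied extension and every
  # character outside a small allowlist, caps the length, then appends the
  # extension implied by the sniffed type so name and content cannot disagree.
  def self.sanitize_filename(name, mime)
    base = File.basename(name.to_s)
    base = base.sub(/\.[^.]*\z/, '')               # remove client extension
    base = base.gsub(/[^A-Za-z0-9_-]/, '_')[0, 64] # allowlist characters, cap length
    base = 'upload' if base.empty? || base =~ /\A[._-]*\z/
    "#{base}.#{ALLOWED_EXT.fetch(mime)}"
  end

  # Validates one upload and returns { ok:, errors:, filename:, mime: }.
  # The size check uses IO#size so a huge file is never read into memory.
  def self.validate(io, declared_name, max_bytes: MAX_BYTES)
    errors = []
    io.rewind
    size = io.size
    errors << "file too large (#{size} > #{max_bytes} bytes)" if size > max_bytes
    mime = sniff(io)
    errors << 'unsupported or spoofed content type' if mime.nil?
    filename = mime ? sanitize_filename(declared_name, mime) : nil
    { ok: errors.empty?, errors: errors, filename: filename, mime: mime }
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: a minimal PNG header and a PHP script renamed to .png
  png = StringIO.new(("\x89PNG\r\n\x1a\n" + "\x00" * 16).b)
  fake = StringIO.new('<?php echo 1; ?>'.b)
  p UploadCheck.validate(png, '../../etc/passwd.png')
  p UploadCheck.validate(fake, 'avatar.png')
end
```

The stored name is derived from the detected type rather than the upload's own extension, so a script uploaded as `shell.php` with PNG bytes is saved as `shell.png`, and a traversal-style name such as `../../etc/passwd.png` collapses to `passwd.png`.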
