File Upload Security

Security controls for file uploads in Ever Gauzy.

File Validation

File Type Restrictions

Uploaded files are validated by:

  • MIME type: checked against an allowlist
  • File extension: validated against permitted extensions
  • File size: enforced maximum size limits

Allowed File Types

| Category | Extensions |
| --- | --- |
| Images | .jpg, .jpeg, .png, .gif, .svg, .webp |
| Documents | .pdf, .doc, .docx, .xls, .xlsx |
| Archives | .zip |

Storage Security

| Measure | Description |
| --- | --- |
| Tenant isolation | Files scoped to tenant directory |
| Unique naming | Files renamed to UUIDs |
| No execution | Upload directories have no-exec |
| Access control | Files served through API auth |

Configuration

| Variable | Description |
| --- | --- |
| FILE_PROVIDER | Storage backend |
| MAX_FILE_SIZE | Maximum upload size (bytes) |
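
The checks and storage naming described on this page, combined into one function as an added example (this is not Ever Gauzy source code). The function and type names, the MIME type paired with each extension, the UUID format for tenant ids, and the extension/MIME agreement check are assumptions of the example.

```typescript
// Added example, not Ever Gauzy source; every name below is hypothetical.
import { randomUUID } from "node:crypto";
import { posix } from "node:path";

// Extensions come from the table on this page; the MIME type paired with
// each one is an assumption of this example.
const ALLOWED = new Map<string, string>([
  [".jpg", "image/jpeg"], [".jpeg", "image/jpeg"], [".png", "image/png"],
  [".gif", "image/gif"], [".svg", "image/svg+xml"], [".webp", "image/webp"],
  [".pdf", "application/pdf"], [".doc", "application/msword"],
  [".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document"],
  [".xls", "application/vnd.ms-excel"],
  [".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"],
  [".zip", "application/zip"],
]);
const ALLOWED_MIME = new Set(ALLOWED.values());
// Assumption: tenant ids are UUIDs, so they are safe to use as a directory name.
const UUID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

interface UploadMeta { originalName: string; mimeType: string; size: number }
type UploadDecision = { ok: true; storageKey: string } | { ok: false; reason: string };

function validateUpload(tenantId: string, file: UploadMeta, maxFileSize: number): UploadDecision {
  const reject = (reason: string): UploadDecision => ({ ok: false, reason });
  if (!UUID_RE.test(tenantId)) return reject("invalid tenant id");
  if (!Number.isInteger(file.size) || file.size <= 0 || file.size > maxFileSize)
    return reject("size outside limit");
  // Only the last extension counts: "a.php.jpg" is judged as ".jpg".
  const ext = posix.extname(file.originalName).toLowerCase();
  const expectedMime = ALLOWED.get(ext);
  if (expectedMime === undefined) return reject("extension not permitted");
  const mime = file.mimeType.toLowerCase();
  if (!ALLOWED_MIME.has(mime)) return reject("MIME type not permitted");
  // Extra check (assumption of this example): extension and MIME type must agree.
  if (mime !== expectedMime) return reject("extension/MIME mismatch");
  // The client-supplied name is dropped; the file is stored under the tenant
  // directory as <uuid><vetted extension>.
  return { ok: true, storageKey: posix.join(tenantId.toLowerCase(), randomUUID() + ext) };
}

// Constructed sample values (not taken from a real deployment).
const SAMPLE_TENANT = "3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b";
const SAMPLE_MAX_FILE_SIZE = 5 * 1024 * 1024; // stands in for MAX_FILE_SIZE, in bytes
console.log(validateUpload(SAMPLE_TENANT,
  { originalName: "invoice.php.jpg", mimeType: "image/jpeg", size: 2048 }, SAMPLE_MAX_FILE_SIZE));
console.log(validateUpload(SAMPLE_TENANT,
  { originalName: "page.png", mimeType: "text/html", size: 2048 }, SAMPLE_MAX_FILE_SIZE));
```

The mimeType argument is only as trustworthy as its source: a value copied from the request's Content-Type header is chosen by the client.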