It has just dawned on me the gaping security hole of allowing someone (maybe even the public) to upload a file (picture, pdf, etc.) directly into the database using an edit widget.
Is any file validation/virus scanning occurring? Or do I need to do that in my app? And if I do need to do it, how do I intercept the upload?
What is the best practice approach for security and the attachment editor RE validation/scanning. I do not see any response to the above question, but assume by now there is some standard approach for this. Thanks!