SID-HARD-07 — Resource Upload Constraints

| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | System Hardening Controls |

Description
Server-side controls for any user-submitted resources (e.g. FaceTec selfie images, credential attachments):

1. Maximum file size enforced before reading the full body.
2. Content-type validation against an allow-list.
3. Uploaded files stored outside the web root with restricted permissions.
4. Files served with Content-Disposition: attachment to prevent browser execution.
5. Compressed file bomb protection where applicable.

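A Go sketch of controls (1) to (4) for an upload endpoint, added here as an illustration and not taken from the FaceTec API or Wallet Backend code. The allow-list contents, the 5 MiB limit, the `UPLOAD_DIR` variable, the listen address and the function names are assumptions; compressed-file handling (5) is not covered.

```go
package main

import (
	"bytes"
	"errors"
	"io"
	"net/http"
	"os"
)

var allowedTypes = map[string]bool{"image/jpeg": true, "image/png": true} // assumed allow-list
var errType = errors.New("content type not on allow-list")

// saveUpload applies controls (1)-(3); dir must lie outside the web root.
func saveUpload(w http.ResponseWriter, r *http.Request, dir string, limit int64) (string, error) {
	body := http.MaxBytesReader(w, r.Body, limit) // (1) reads fail once limit bytes are passed
	head := make([]byte, 512)
	n, err := io.ReadFull(body, head)
	if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF {
		return "", err
	}
	if !allowedTypes[http.DetectContentType(head[:n])] { // (2) sniff bytes, ignore client header
		return "", errType
	}
	f, err := os.CreateTemp(dir, "upload-*") // (3) server-chosen name, mode 0600
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = io.Copy(f, io.MultiReader(bytes.NewReader(head[:n]), body))
	if err != nil {
		os.Remove(f.Name()) // drop the partial file when the cap trips mid-copy
		return "", err
	}
	return f.Name(), nil
}

// serveUpload applies control (4): the browser downloads the file instead of rendering it.
func serveUpload(w http.ResponseWriter, r *http.Request, path string) {
	w.Header().Set("Content-Disposition", "attachment")
	http.ServeFile(w, r, path)
}

func main() { // wiring sketch; UPLOAD_DIR is a hypothetical variable, not from the page
	http.HandleFunc("/upload", func(w http.ResponseWriter, r *http.Request) {
		if _, err := saveUpload(w, r, os.Getenv("UPLOAD_DIR"), 5<<20); err != nil {
			http.Error(w, "upload rejected", http.StatusBadRequest)
		}
	})
	http.ListenAndServe("127.0.0.1:8080", nil)
}
```

The type check uses the first 512 bytes of the body, so a request that declares `image/png` but carries HTML is rejected before anything is written to disk.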
Components
- FaceTec API (Go)
- Wallet Backend (Go)