Skip to main content
File uploads are powerful, but they also introduce security concerns. Formbase stores files in your S3-compatible bucket and returns a signed URL for access. Use the practices below to keep uploads secure.
1

Keep buckets private

Store files in private buckets and rely on signed URLs for access instead of public objects.
2

Validate on the client

Enforce file size and type limits in your UI to prevent accidental or malicious uploads.
3

Scan or review uploads

If you process user uploads, run them through malware scanning or manual review before using them in downstream workflows.
Formbase does not inspect file contents or enforce MIME types. If you need strict controls, validate before forwarding uploads.