REQ.039 Define maximum file size
Files handled by the system and its users must have a defined maximum file size (5MB recommended).
When a system allows users to upload or attach files for storage, a maximum size limit must be defined for those files. This avoids problems with the availability of the service and reduces the chance that an attacker uploads a file containing malicious software.
To define the file size limit, first determine the information storage needs and the size of the infrastructure. The company can set a default file size for information management and define the exceptions it deems necessary to increase the permitted file size, but it must always keep a defined limit to avoid denial-of-service attacks caused by abuse of the system's storage.
An application allows users to upload and store files. A user uploads large files until the system runs out of space, causing a denial of service.
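One way to enforce this limit at the application layer, as an added example that is not part of the original requirement: the handler counts the bytes actually received instead of trusting the length the client declares, and deletes the partial file when the limit is exceeded. The function names, the chunk size and the 20MB "scanned-contract" exception are assumptions made for illustration.

```python
import io
import os
import tempfile

MB = 1024 * 1024
DEFAULT_LIMIT = 5 * MB  # the 5MB default recommended by the requirement
# Hypothetical documented exception; every category still has a finite limit.
EXCEPTION_LIMITS = {"scanned-contract": 20 * MB}
CHUNK = 64 * 1024  # assumed read size

class FileTooLarge(Exception):
    """Upload exceeded the limit defined for its category."""

def limit_for(category):
    # Unknown categories fall back to the default, never to "unlimited".
    return EXCEPTION_LIMITS.get(category, DEFAULT_LIMIT)

def save_upload(stream, dest_dir, category=None, declared_length=None):
    """Copy an upload into dest_dir, enforcing the limit on bytes actually read."""
    limit = limit_for(category)
    # Cheap early rejection. The declared length is client-supplied, so it is
    # only a hint; the running byte count below is what enforces the limit.
    if declared_length is not None and declared_length > limit:
        raise FileTooLarge(f"declared {declared_length} bytes, limit {limit}")
    fd, path = tempfile.mkstemp(dir=dest_dir)
    written = 0
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(CHUNK), b""):
                written += len(chunk)
                if written > limit:
                    raise FileTooLarge(f"body exceeds limit of {limit} bytes")
                out.write(chunk)
    except BaseException:
        os.remove(path)  # do not leave partial files consuming storage
        raise
    return path, written

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(save_upload(io.BytesIO(b"x" * 1000), d))  # constructed small upload
        try:
            # Constructed input: the client declares 10 bytes but sends 6MB.
            save_upload(io.BytesIO(b"x" * (6 * MB)), d, declared_length=10)
        except FileTooLarge as exc:
            print("rejected:", exc, "| files left:", len(os.listdir(d)))
```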
Layer: Application layer.
Type of Control: Recommendation.