DDoS risk?

[sesam]

From a security standpoint, can someone DDoS a site using mule-uploader (financially or otherwise) by uploading millions of small files and cause huge AWS costs?

[gabipurcaru]

Yes they can. Just like they could with a regular upload field; you have to add your own rate limitations if you have such needs, DDoS protection is outside of this project's scope IMO.

Also, I'm pretty sure Amazon only bills the traffic and storage, not file count, so millions of small files vs handful of huge files would be the same as far as money is concerned.