[danShumway]

The only caveat I'd mention here for anyone else looking to do something similar is that if you're planning to use ffmpeg to convert a video into multiple different formats for serving at different bitrates or to different devices, then doing it clientside opens up the door for users to upload completely different videos for different formats; you are trusting the client ultimately to send you the data.

Plenty of scenarios where that doesn't matter and it's fine to trust the client, but just something to be aware of.

[leptons]

What you said is definitely true. But in my system the videos are resized and converted into RAW format which I then extract color information from at different pixel locations, so it wouldn't really matter if it's an exe file or something else - it's only going to extract the binary data as color information to be used in other ways, and the converted files are never served. I doubt there's too much risk involved with my project using it in this way, but in other projects I'm sure it could be a security risk.

[danShumway]

Yep, definitely didn't mean to imply that your project in specific was vulnerable, just wanted to give more of a general heads up for anyone else looking to do the same thing.