by matthuggins 4877 days ago
I'm sure this is more a question about S3 than the gem itself, but can you provide any info about security risks, who can upload, where they can upload to, etc.? e.g.: what's to stop someone from uploading a ton of files to your bucket if they have direct access to it?
1 comment

I'm not sure with this library, but with other solutions you have a handshake endpoint on your server which creates a time-limited, single-use token. The browser hits your server, which then creates a key on S3 and sends it back to the client. The client can then use said key to upload on S3. Might be good to use SSL along with this.
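The handshake described in the reply above, sketched as an added example (not part of the thread and not the gem's own code): the server signs an S3 browser-POST policy (Signature Version 4) that fixes the object key, caps the upload size and expires after a few minutes. The bucket, region, credentials, key layout and the `upload_grant` helper are hypothetical placeholders.

```ruby
require "openssl"
require "base64"
require "json"
require "time"
require "securerandom"

# Constructed placeholders; a real handshake endpoint loads these from server-side config.
BUCKET     = "example-uploads"
REGION     = "us-east-1"
ACCESS_KEY = "EXAMPLE-ACCESS-KEY-ID"
SECRET_KEY = "constructed-secret-not-a-real-key"

def hmac(key, data)
  OpenSSL::HMAC.digest("sha256", key, data)
end

# Returns the form fields the browser must POST to S3.
# Call only after authenticating the user; user_id comes from the session, never from the request.
def upload_grant(user_id, now: Time.now.utc, ttl: 300, max_bytes: 5 * 1024 * 1024)
  date = now.strftime("%Y%m%d")
  fields = {
    "key"              => "uploads/#{user_id}/#{SecureRandom.uuid}", # server picks the key
    "x-amz-algorithm"  => "AWS4-HMAC-SHA256",
    "x-amz-credential" => "#{ACCESS_KEY}/#{date}/#{REGION}/s3/aws4_request",
    "x-amz-date"       => now.strftime("%Y%m%dT%H%M%SZ")
  }
  policy = {
    "expiration" => (now + ttl).iso8601,                  # time limit
    "conditions" => [{ "bucket" => BUCKET }] +
                    fields.map { |k, v| { k => v } } +    # exact-match on every field, incl. key
                    [["content-length-range", 1, max_bytes]] # size cap per upload
  }
  encoded = Base64.strict_encode64(JSON.generate(policy))
  # SigV4 signing key: HMAC chain over date, region, service, terminator.
  signing_key = [date, REGION, "s3", "aws4_request"]
                .reduce("AWS4" + SECRET_KEY) { |k, part| hmac(k, part) }
  fields.merge(
    "policy"          => encoded,
    "x-amz-signature" => OpenSSL::HMAC.hexdigest("sha256", signing_key, encoded)
  )
end
```

S3 accepts the same signed policy until it expires, so the fixed key, the size cap and a short `ttl` are what bound reuse of a leaked form.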