by emilv 4664 days ago
No, there is no use case where this is feasible on the public web. Even a small site with a strange URL and few visitors will be attacked in exactly the way described in the blog post if they try to use this. I'm sure some bot maintainers are already pushing for a detection of this enormous security hole.

Do not do this.

2 comments

There's a lot of possibilities there; the demo page returns a tmp url that will work for a while with the data transferred, so you could use the service to distribute files in parts of 30MB max...
Yes, anyone can use your site to host any file on your server.
It's still interesting to explore the concept and think about how it's always easier to build stuff exclusively client-side.
I think that's a flawed assertion. It's easy to make an insecure file upload in most server-side web languages. An example in the PHP manual is only a couple of lines of code: http://www.php.net/manual/en/features.file-upload.post-metho...

How easy is it to make a safe client-side solution?