Quiz
- Could you go more into the functionality of Multer? Why are we using Multer over Node.js body-parser, and what are the differences?
Great question. File upload uses a different encoding type (enctype) for the form, different from what body-parser uses, and Multer understands that format.
- Which of the three example methods of file uploading is best for the purpose of this class?
It depends, which is why I gave you three options. See the three examples.
But this is a good time to recap:
- Open: anyone can see the uploaded files (e.g. pictures). They don't even have to be logged into your app, since the files are in a static folder, just like your CSS files, logos, etc.
- Limited: uploads are authenticated and viewing the photos is authorized. However, access to the URLs is not authorized, so there's a security hole.
- Private: closes that security hole.
In the context of this course, you should implement the private version. It's the most versatile version.
- Can we talk more about the security aspect of file uploads? How can we make sure users don't upload anything malicious? Or is that not a concern?
Great question. Hopefully, requiring authentication will avoid most of the worry, because malicious people are less responsible when they think they can't be caught.
There are four levels we can use, and even combine. I've written this up: file-upload/contents-checking.