With many video settings implemented through parameters on the embedded Ziggeo client I am concerned about the possibility of attacks where a user overrides the client side settings and uploads with no limits.
Consider the parameters: `expiration-days`, `timelimit`, `videobitrate`, `audiobitrate`. All of these could be changed by a client allowing them to upload arbitrarily long videos at high bit-rates with no expiration. Since these are not tied to the auth token a user could get an auth token legitimately, then load the recorder with their custom parameters with no way to reject them.
Is there any way to enforce these parameters for the application as a whole regardless of what the client uses?
Please sign in to leave a comment.