Handling file uploads for modern developer

talk 33 connections

wroclove.rb 2019 talk by Janko Marohnić sharing best practices for handling file uploads in web applications. Structured around four themes: (1) server-side validation — file size, MIME type determined from content via magic bytes (not the Content-Type header which comes from the extension), image dimensions to prevent image bombs, and custom metadata that should be persisted; (2) processing — on-upload vs on-the-fly, using the image_processing gem with either ImageMagick (mini_magick) or libvips backends (libvips ~3–5× faster); (3) upload UX — async direct uploads to S3 driven by the Uppy JavaScript library, with built-in UI components (file input, progress bar, drag-and-drop, dashboard); (4) resumable uploads via S3 multipart or the generic tus protocol. Ends with Q&A covering DDoS protection via signed URLs, orphan-file avoidance via temporary storage, testing with MinIO, and a request for Ruby bindings for imageflow.

type

talk

talk Handling file uploads for modern developer

about

Shrine tool

The talk centers on file-upload best practices as implemented in Shrine.

talk Handling file uploads for modern developer

about

Paperclip tool

Discussed as part of the Ruby file-upload landscape and the speaker's history.

talk Handling file uploads for modern developer

about

CarrierWave tool

Discussed as part of the Ruby file-upload landscape and its missing built-ins.

talk Handling file uploads for modern developer

about

Refile tool

Discussed as the opinionated library Shrine was forked from.

talk Handling file uploads for modern developer

about

Active Storage tool

Compared with Shrine, especially regarding URL-encoded processing and bundled JavaScript.

talk Handling file uploads for modern developer

about

image_processing gem tool

Janko presents the gem as the recommended image-processing integration.

talk Handling file uploads for modern developer

about

ImageMagick tool

Discussed as traditional backend behind mini_magick with security concerns.

talk Handling file uploads for modern developer

about

libvips tool

Recommended as a faster alternative backend to ImageMagick.

talk Handling file uploads for modern developer

about

Uppy tool

Recommended JavaScript library for the upload UX.

talk Handling file uploads for modern developer

about

tus protocol concept

Covered as the generic resumable-upload protocol option.

talk Handling file uploads for modern developer

about

Amazon S3 tool

Primary cloud storage target for direct and multipart resumable uploads.

talk Handling file uploads for modern developer

about

Rack tool

Shrine is built on Rack to be framework-agnostic.

talk Handling file uploads for modern developer

about

Magic bytes MIME detection concept

Explains validating MIME from content via magic bytes.

talk Handling file uploads for modern developer

about

Image bomb concept

Explains why dimension validation is needed.

talk Handling file uploads for modern developer

about

Direct Upload to Cloud concept

Covers direct-to-S3 uploads via Uppy.

talk Handling file uploads for modern developer

about

On-the-fly Processing concept

One of two processing strategies compared.

talk Handling file uploads for modern developer

about

On-Upload Processing concept

One of two processing strategies compared.

talk Handling file uploads for modern developer

about

Resumable Uploads concept

Covers resumable uploads via S3 multipart and tus.

talk Handling file uploads for modern developer

about

Orphan Files concept

Discussed via Shrine's temporary/permanent storage separation.

question DDoS risk of on-the-fly processing

asked_at

Handling file uploads for modern developer talk

Audience question during Q&A.

question Orphan files from async uploads

asked_at

Handling file uploads for modern developer talk

Audience question during Q&A.

question Local storage for tests

asked_at

Handling file uploads for modern developer talk

Audience question during Q&A.

question Adding imageflow to image_processing gem

asked_at

Handling file uploads for modern developer talk

Audience question during Q&A.

person Janko Marohnic

authored

Handling file uploads for modern developer talk

Speaker of the wroclove.rb 2019 talk.

takeaway Signed On-the-fly URLs

from_talk

Handling file uploads for modern developer talk

Takeaway from the Q&A on DDoS protection.

takeaway Validate MIME type from file content

from_talk

Handling file uploads for modern developer talk

Recommendation from the validation section.

takeaway Validate image dimensions to prevent image bombs

from_talk

Handling file uploads for modern developer talk

Recommendation from the validation section.

takeaway Persist extracted metadata

from_talk

Handling file uploads for modern developer talk

Recommendation from the metadata recap.

takeaway Prefer libvips over ImageMagick

from_talk

Handling file uploads for modern developer talk

Recommendation from the image-processing section.

takeaway Use Uppy regardless of backend

from_talk

Handling file uploads for modern developer talk

Explicit recommendation from the upload UX section.

takeaway Use MinIO for S3 testing

from_talk

Handling file uploads for modern developer talk

Recommendation from the Q&A on testing.

takeaway Use temporary storage to avoid orphan files

from_talk

Handling file uploads for modern developer talk

Recommendation from the Q&A on async upload transactionality.

talk Handling file uploads for modern developer

presented_at

wroclove.rb 2019 event

Delivered at wroclove.rb 2019.

Provenance

Created: 2026-04-17 16:17 seed
Last updated in: Handling File Uploads for the Modern Developer — Janko Ma... 2026-04-17 16:18
Read by: 17 extractions