Security Risks of Direct File Uploads to Cloud Storage

Project Code: TCMAFS1320

Objective

The primary objective of this project is to design and implement a secure file upload system using the MERN stack that supports direct user uploads with robust role-based access control (RBAC). Specifically, the project aims to identify and mitigate common security vulnerabilities related to credential leakage, unauthorized access, and improper permission management in file upload workflows. By simulating a cloud storage environment locally with MongoDB, the project seeks to analyze potential attack vectors and demonstrate effective security measures such as secure token handling, strict access control, and validation mechanisms. Ultimately, this work intends to provide practical insights and best practices for developers to build secure, scalable web applications handling user-generated file uploads.

Abstract

With the growing need for scalable data storage, websites are increasingly adopting cloud storage services to handle large volumes of user-generated content. A common pattern emerging in modern web applications is the direct upload of files from users to cloud storage platforms, bypassing traditional web server handling. While this approach improves efficiency and performance, it also introduces new security challenges due to the increased complexity of interactions between users, web servers, and cloud providers.

In this project, we investigate the security implications of direct-to-cloud file upload mechanisms and present a practical implementation using the MERN (MongoDB, Express, React, Node.js) stack. Unlike traditional research that focuses on public cloud infrastructures, our implementation utilizes a local MongoDB database and role-based access control (RBAC) to simulate admin and user permissions in a controlled environment. Through our system, we explore how improper credential handling, insecure access control policies, and flawed upload workflows can expose sensitive data and compromise application security. Our study highlights six types of potential vulnerabilities associated with such upload mechanisms. We simulate these scenarios and test mitigation strategies, including secure token generation, upload session expiration, and strict role-based permissions. The project offers a foundational framework for understanding and addressing the security risks of user file uploads in modern web applications and aims to inform best practices for secure cloud integration.

Keywords: Web Security, File Upload Vulnerabilities, RBAC (Role-Based Access Control), Upload Credentials, User Authentication, Secure File Upload
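The abstract names secure token generation, upload session expiration, and strict role-based permissions as mitigations. The sketch below is an added example, not the project's own code, showing how those three checks can combine in Node.js; the function names, claim fields, and permission table are assumptions.

```javascript
// Added example: function names, claim fields and the permission table are
// assumptions for illustration, not the project's code.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Hypothetical RBAC table for the admin and user roles.
const ROLE_PERMISSIONS = new Map([['admin', ['upload', 'delete']], ['user', ['upload']]]);
const allowed = (role, action) => (ROLE_PERMISSIONS.get(role) || []).includes(action);

const sign = (payload, secret) =>
  createHmac('sha256', secret).update(payload).digest('base64url');

// Issue a token that authorises one action for one user until `exp`.
// The signing secret stays on the server; the client only holds the token.
function issueUploadToken({ userId, role, action }, secret, ttlMs, now = Date.now()) {
  if (!allowed(role, action)) throw new Error(`role ${role} may not ${action}`);
  const payload = Buffer.from(
    JSON.stringify({ userId, role, action, exp: now + ttlMs })
  ).toString('base64url');
  return `${payload}.${sign(payload, secret)}`;
}

// Check the signature first, then expiry, then the role against the requested
// action, so a token minted for "upload" cannot be reused for "delete".
function verifyUploadToken(token, secret, action, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload, secret));
  const given = Buffer.from(mac);
  // timingSafeEqual requires equal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Safe to parse: only payloads signed with the server secret reach this line.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (now >= claims.exp) return { ok: false, reason: 'expired' };
  if (claims.action !== action || !allowed(claims.role, action)) {
    return { ok: false, reason: 'forbidden' };
  }
  return { ok: true, claims };
}
```

Because the role and expiry are inside the signed payload, a client that edits either one invalidates the signature and is rejected before any claim is read.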

NOTE: Please do not submit this to the college without the consent of our team. This abstract varies based on student requirements.

Block Diagram

Specifications

SOFTWARE REQUIREMENTS:

· Operating System: Windows 10/11 or macOS
· Front End: React JS
· Scripts: JavaScript
· Backend Language: Node.js
· Database: MongoDB

HARDWARE REQUIREMENTS:

· Processor: Intel i3 or equivalent
· RAM: 4 GB
· Hard Disk: 500 GB
