I’ve got a new project going on at the minute and before I get too invested, I wanted to sort out the feasibility of it in terms of security.
I’ve currently got my main server running a basic apache server to serve files, I’m content with its security (fail2ban, SSL, random file names, dir listing off etc etc)
What I’m wanting is to create is a webpage that will allow a visitor to upload an MP4 file, the server will then compress that using ffmpeg and then rename it, puting it back on the server as a new downloadable MP4 compressed below 10MB.
What are the security risks involved with allowing MP4 uploads? Would I be better using a raspberry pi for the uploading then transferring it to my main server where its hosted? What is the safest and easiest way to do this?