- When should an uploaded file be deleted?
- How long should a generated report be available for download?
Files that cannot be read by a CSV reader should be deleted immediately to avoid that potentially malicious resources are hosted on this public server. A simple check for file extension is not enough. Arbitrary files can be uploaded by just adding the extension *.csv.