Backend Developer
hard
secure-file-uploads

What are best practices for secure file uploads?

Answer

File uploads are a common attack vector.

**Best practices:**

- Validate MIME type and file signatures
- Limit size and rate
- Store outside web root and use random file names
- Virus/malware scan when needed
- Use pre-signed URLs and object storage (S3-like)

Never trust user-provided filenames or content types.

Related Topics

Security, Storage, Backend