Are there any implications for uploading documents in a "submit your cv" style solution? File types would be limited to pdf but permissions would be public access. So anybody could upload a file.
I know just about any file can be malicious but what are the risks?
I understand that just cutting and pasting into free text fields would solve the problem but I would like to know the implications of the document upload solution.
Let users upload documents to non-web accessible locations (i.e. outside of the site hierarchy). That way, they can upload files, but those files are never served back out (except via the Admin Interface).