Comment 3 for bug 1545092

You're saying a malicious actor could "fill up" the database with queued image records? Have you seen this in practice or is the impact speculative for now? How quickly can a user theoretically add entries, how large is each entry, and at what point is their accumulation likely to cause impact to other tenants using the system in a typical deployment (let's consider a relatively small and therefore more vulnerable deployment for the sake of argument)? Is it an attack which can be accomplished in mere minutes? Hours? Days?