I think this a good solution but I guess we do not want or necessarily have the means to pay for this kind of service for a small non-profit project for example.
You can try Waffle but for the kind of attack you mention, you might have to include your own validation within your uploader module config.
defmodule Avatar do
use Waffle.Definition
def validate({file, _}) do
your_custom_validation?
end
end
