Docs: add section with suggestions relating to security (includes relaxing defaults for trusted input)

Open jonatan-holmgren opened this issue 1 year ago • 1 comments

Question about an existing feature

Running Sharp on user-generated content

What are you trying to achieve?

A service which allows arbitrary user input of files, then converted to WebPs

When you searched for similar issues, what did you find that might be related?

Tons of people seem to use Sharp for such a purpose, but I'm not sure if I'm missing a step. Running something like this on arbitrary data seems scary at best. I am running it in a Kubernetes pod.

jonatan-holmgren, May 12 '24 07:05

The short answer is that the default settings are generally safe for untrusted input. Decompression memory consumption is probably the biggest risk, but this can be managed e.g. via cgroups.

libvips and its "web" dependencies (i.e. those used by sharp) are continuously fuzz-tested. All found/reported security issues are fixed and co-ordinated releases are scheduled ahead of details being made public.

I'm going to switch this issue to an enhancement as I think the longer answer, when written, is worth adding to the docs.

lovell, May 16 '24 10:05
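
The decompression-memory risk mentioned in the answer above, as an added example (not code from the issue thread or from the sharp project): a 33-byte PNG header can declare an image that needs gigabytes once decoded, so a service can compare the declared size against a budget before handing the file to a decoder. The function names, the 256 MiB budget and the sample headers are assumptions constructed for illustration, and the check sits alongside the library defaults and cgroup limit the answer describes.

```javascript
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
// Channels after decoding, by PNG colour type (assumption: palette is expanded to RGB).
const CHANNELS = { 0: 1, 2: 3, 3: 3, 4: 2, 6: 4 };

// Read the dimensions a PNG declares in its IHDR chunk (the first 33 bytes of the file).
function pngDeclaredSize(buf) {
  if (buf.length < 33 || !buf.subarray(0, 8).equals(PNG_SIG)) {
    throw new Error('not a PNG');
  }
  if (buf.readUInt32BE(8) !== 13 || buf.toString('latin1', 12, 16) !== 'IHDR') {
    throw new Error('IHDR chunk missing');
  }
  const width = buf.readUInt32BE(16), height = buf.readUInt32BE(20);
  const bitDepth = buf[24];
  const channels = CHANNELS[buf[25]];
  if (!width || !height || !channels || ![1, 2, 4, 8, 16].includes(bitDepth)) {
    throw new Error('invalid IHDR fields');
  }
  return { width, height, bitDepth, channels };
}

// Rough decoded size: one byte per sample once unpacked, two for 16-bit images.
function estimateDecodedBytes({ width, height, bitDepth, channels }) {
  return width * height * channels * (bitDepth === 16 ? 2 : 1);
}

// Decide whether the upload should reach the decoder at all.
function admit(buf, budgetBytes) {
  let info;
  try { info = pngDeclaredSize(buf); } catch (e) { return { ok: false, reason: e.message }; }
  const bytes = estimateDecodedBytes(info);
  const ok = bytes <= budgetBytes;
  return { ok, bytes, reason: ok ? null : 'decoded size exceeds budget' };
}

// Constructed sample input: signature plus IHDR only (CRC left zeroed, not checked here).
function makePngHeader(width, height, bitDepth, colourType) {
  const b = Buffer.alloc(33);
  PNG_SIG.copy(b, 0);
  b.writeUInt32BE(13, 8);
  b.write('IHDR', 12, 'latin1');
  b.writeUInt32BE(width, 16);
  b.writeUInt32BE(height, 20);
  b[24] = bitDepth;
  b[25] = colourType;
  return b;
}

const BUDGET = 256 * 1024 * 1024; // hypothetical per-image budget, set below the pod's memory limit
console.log(admit(makePngHeader(50000, 50000, 8, 6), BUDGET));
```
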