I think currently the servers demand to receive the complete file before verifying its size.
It would be better if it only received the portion set by the upload quota. In other words if the user is uploading a 500MB file, and the quota is 5MB. The upload should be canceled the second the file exceeds 5MB rather than waiting for the entire 500MB file.
This can also be exploited maliciously.
Version: unspecified
Severity: enhancement