to be implemented after #225 is merged
this probably shouldn't be too strict, but should prevent an untrusted user from filling up our disk