security - Securing anonymous image uploads
Sites like www.ebayclassifieds.com let users upload images in order to see thumbnail previews and make image adjustments before posting content. Visitors are able to upload images to these sites anonymously, without authorization beforehand.
Can the same type of image previews be done on a smaller site that has bandwidth and disk space constraints? I'd guess one could set a cron job to periodically delete images that were anonymously uploaded. What other measures can be taken so that bandwidth usage and disk space don't get out of hand, in case someone tries to spam the site with bogus image uploads?
Here are some ideas off the top of my head:
- Use session state to keep track of uploaded files, and delete them automatically when the session expires.
- Limit uploads per session/visitor (i.e. 1 per anonymous visitor).
- Limit the maximum size of a file that can be uploaded.
- Limit image types to compressed ones (i.e. don't allow BMPs).
- Scale images down to a reasonable size when uploaded. You don't need the full size.
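
An added sketch of how the size limit, type allow-list, per-session quota and expiry cleanup from the list above could fit together (not code from the original post). The limits, the `UploadStore` class and the in-memory storage are assumptions for illustration; scaling is left out because it needs an imaging library.

```python
import time

MAX_BYTES = 2 * 1024 * 1024          # assumed cap per file
MAX_PER_SESSION = 1                  # "1 per anonymous visitor"
SESSION_TTL = 30 * 60                # assumed session lifetime, seconds

# Magic numbers of the compressed formats we accept (BMP "BM" is absent).
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
         b"GIF87a": "gif", b"GIF89a": "gif"}


def sniff_type(data):
    """Identify the image type from leading bytes, not the client-supplied name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


class UploadStore:
    """Hypothetical in-memory stand-in for temp storage keyed by session id."""

    def __init__(self):
        self.files = {}              # session_id -> list of (stored_at, kind, data)

    def accept(self, session_id, data, now=None):
        now = time.time() if now is None else now
        # A real server should also cap the request body before reading it all.
        if len(data) > MAX_BYTES:
            return False, "too large"
        kind = sniff_type(data)
        if kind is None:
            return False, "type not allowed"
        held = self.files.setdefault(session_id, [])
        if len(held) >= MAX_PER_SESSION:
            return False, "quota reached"
        held.append((now, kind, data))
        return True, kind

    def sweep(self, now=None):
        """Cron-style cleanup: drop every upload older than the session TTL."""
        now = time.time() if now is None else now
        removed = 0
        for sid in list(self.files):
            keep = [f for f in self.files[sid] if now - f[0] < SESSION_TTL]
            removed += len(self.files[sid]) - len(keep)
            if keep:
                self.files[sid] = keep
            else:
                del self.files[sid]
        return removed
```

Because anonymous visitors can discard their session cookie, the per-session quota only works together with the periodic sweep and a global disk budget.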