By default Moralis allows any authenticated user to upload Files. It's a good idea to put in logic that restricts file uploads.
If your app has no use for files they should be completely disabled. You can disable all file uploads by including the following trigger in your cloud code.
You can do any custom logic you want in order to determine whether a file should be allowed to save or not. For example, you can analyze the request object in order to see which user is trying to save the file. Read more here: File Triggers.
Legacy UI is present in the video, some things might be different
CLP and ACL policies explained.
If you have any questions about database security or locking down your database feel free to ask in the Forum.