diff --git a/validate-signature/slim-app/src/osteam/App.php b/validate-signature/slim-app/src/osteam/App.php
index ca83d2ce027a1d33913c5e570ca8ebb3c5a81a55..44b2b11939b33966a4e1b3cf7104abc0b454ae37 100644
--- a/validate-signature/slim-app/src/osteam/App.php
+++ b/validate-signature/slim-app/src/osteam/App.php
@@ -16,8 +16,9 @@ class App
     
     protected $ci = null;
     protected $logger = null;
-    protected $savePath;
-    protected $saveFileTTL; 
+    protected $savePath = 'tmp';
+    protected $saveFileTTL = 0; 
+    protected $maxFileSize = 0;
     
     public function __construct(ContainerInterface $ci)
     {
@@ -29,9 +30,10 @@ class App
         if (isset($settings['app'])) {
             $this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp');
             $this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0);
+            $this->maxFileSize = (isset($settings['app']['max_file_size']) ? $settings['app']['max_file_size'] : 0);
         }
     }
-    
+
     /**
      * Ξ§Ξ±ΞΉΟΞ΅Ο„ΞΉΟƒΞΌΟŒΟ‚ - οδηγίΡς.
      *
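Review bot: The fallback of `0` for `max_file_size` makes the new size checks reject practically every non-empty upload when the key is absent, which is the state of any existing `settings.php` created from the old template. Unlike `save_file_ttl`, where 0 has a documented meaning, nothing states that 0 means "reject everything", and the declared default on `$maxFileSize` is 0 as well. Consider falling back to the template value, `isset($settings['app']['max_file_size']) ? (int) $settings['app']['max_file_size'] : 26214401`, or logging a configuration error when the key is missing. The `(int)` cast also keeps a string value from the config out of the later `>` comparisons. The constructor starts above this hunk.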
@@ -101,9 +103,15 @@ class App
             ]), 501);
         }
 
-        foreach ($files as $id => $file) {
+        // foreach ($files as $id => $file) {
+        // as requested, only handle one file
+        $file = array_pop($files);
             if ($file->getError() === UPLOAD_ERR_OK) {
-                // $contents = base64_encode($file->getStream()->getContents());
+                if ($file->getSize() > $this->maxFileSize) {
+                    return $res->withJson(array_merge($this->coreResponseData(false), [
+                        'message' => 'Exceeded maximum file size limit'
+                    ]), 400);
+                }
                 $filename = $file->getClientFilename();
                 $store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' . 
                     $this->sanitizeFilename($filename);
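Review bot: `array_pop($files)` returns `null` for an empty array, and the next line calls `$file->getError()` on the result without a check. Unless the guard above this hunk already guarantees a non-empty list, a request with no file part would end in a fatal error rather than a 400. If the upload field can be submitted as an array, the popped value may itself be an array instead of an uploaded-file object, which is worth confirming. A guard such as `if ($file === null || is_array($file))` returning the usual 400 response would cover both cases. The commented-out `foreach` here and the `// }` in the next hunk leave the body indented one level too deep; deleting the loop lines and re-indenting would read better than commenting them out.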
@@ -117,7 +125,7 @@ class App
                 }
                 $this->logger->info("validate binary upload::{$store_filename}");
             }
-        }
+        // }
 
         $this->vaccuumSavePath();
 
@@ -144,12 +152,22 @@ class App
         // $parsedBody = $req->getParsedBody();
         $filename = $req->getParsedBodyParam('filename', null);
         $content = $req->getParsedBodyParam('base64content', null);
-        if ($filename === null || $content === null) {
+        if ($filename === null && $content === null) {
+            return $res->withJson(array_merge($this->coreResponseData(false), [
+                'message' => 'invalid JSON format encoding'
+            ]), 400);
+        } elseif ($filename === null || $content === null) {
             return $res->withJson(array_merge($this->coreResponseData(false), [
                 'message' => 'Filename and file content is mandatory'
             ]), 400);
         }
-        
+
+        if (mb_strlen($content) > (ceil($this->maxFileSize * 4 / 3) + 3)) { // approx base64 length
+            return $res->withJson(array_merge($this->coreResponseData(false), [
+                'message' => 'Exceeded maximum file size limit'
+            ]), 400);
+        }
+
         if (($filecontent = base64_decode($content)) === false) {
             return $res->withJson(array_merge($this->coreResponseData(false), [
                 'message' => 'File content is not valid base64 encoded'
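Review bot: `mb_strlen($content)` is reached with whatever type the parsed body carried, so a `base64content` sent as an array or number is not rejected here; the null checks above only catch a missing key. Adding `if (!is_string($filename) || !is_string($content))` with the same 400 response before the length check would close that gap. `strlen()` is a better fit than `mb_strlen()` because the estimate concerns bytes of ASCII base64 text. This limit is applied after the request body has already been parsed into memory, so it caps what gets decoded and stored but not what the server accepts; the web server or PHP body-size limit has to cover that. The method starts above and continues below this hunk.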
@@ -172,6 +190,12 @@ class App
             ]), 501);
         }
 
+        if (filesize($store_filename) > $this->maxFileSize) { // double checking
+            return $res->withJson(array_merge($this->coreResponseData(false), [
+                'message' => 'Exceeded maximum file size limit'
+            ]), 400);
+        }
+
         $this->logger->info("validate base64 upload::{$store_filename}");
 
         // delete any leftover files
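Review bot: The oversize branch returns before the "delete any leftover files" step below, and the `filesize()` call implies the file is already on disk at that point, so a rejected file stays in the save path. Whether it is removed later depends on code outside this hunk. Checking `strlen($filecontent) > $this->maxFileSize` directly after `base64_decode()` would reject the upload before anything is written. If the post-write check is kept as a second line of defence, add `unlink($store_filename);` ahead of the `return`.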
diff --git a/validate-signature/slim-app/src/settings.php.dist b/validate-signature/slim-app/src/settings.php.dist
index c66d53027f9b7bc2396ffdd835407199431e529f..1b61d7ffd5306bbc2d259ace7d16f8ac4ab34c51 100644
--- a/validate-signature/slim-app/src/settings.php.dist
+++ b/validate-signature/slim-app/src/settings.php.dist
@@ -19,6 +19,7 @@ return [
         'app' => [
             'save_path' => __DIR__ . '/../files', // upload file location 
             'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds
+            'max_file_size' => 26214401, // maximum uploaded file size in bytes
             'secure_endpoint_username' => 'username-for-this-wrapper',
             'secure_endpoint_password' => 'password-for-this-wrapper'
         ]
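Review bot: The comment on `max_file_size` should say what the number is and what else bounds it. 26214401 is 25 MiB plus one byte, and the checks in App.php compare with `>`, so a file of exactly that size is accepted. Suggested comment: `// maximum accepted file size in bytes (25 MiB + 1); must not exceed PHP's upload_max_filesize / post_max_size, which are applied first`. It would also help to state that omitting the key makes the app fall back to 0.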