I'm using the lightning file upload control to store fiels upto 16MB in size. However I need to validate the resolution of the file and size. I understand this is possible only in client side using HTML 5 Canvas. But the new lightning file upload control doesn't expose any client side event. It provides an event after the file is saved to server, which is not helpful. The lightning control uses a generic html input. I tried attaching the client side event to the input tag in helper.js and render.js, but no luck. Any ideass, how to hook the event to the input control? Is Locker preventing this?

https://trailhead.salesforce.com/modules/api_basics/units/api_basics_rest

We currently loginto trailhead using production credentials. If we launch workbench it goes into production org. Where does the exercise validation happen for this unit? Does it look into trail head org? or someother org? How to connect workbench to the org where validation happens? 

I'm using the lightning file upload control to store fiels upto 16MB in size. However I need to validate the resolution of the file and size. I understand this is possible only in client side using HTML 5 Canvas. But the new lightning file upload control doesn't expose any client side event. It provides an event after the file is saved to server, which is not helpful. The lightning control uses a generic html input. I tried attaching the client side event to the input tag in helper.js and render.js, but no luck. Any ideass, how to hook the event to the input control? Is Locker preventing this?

Universal Containers (UC) has a requirement to expose a web service to their business partners. The web service will be used to allow each business partner to query
 UC's Salesforce instance to retrieve the status of orders. The business partner should only be allowed access to orders for which the business partner is the 
 fulfillment vendor. The Architect does not want the business partners to utilize the standard APIs and would prefer a custom API be developed.Which three design 
 elements should the Architect consider in order to ensure the data security of the solution? Choose 3 answers
A. Query the Orders object with Dynamic SOQL based upon the fulfillment ID.
B. Set the Orders object's sharing settings to Private in the Org-Wide Defaults
C. Provide each partner with their own Salesforce login set to API Enabled on the profile. 
D. Develop a custom Apex web service with a fulfillment ID input attribute
E. Develop a custom Apex web service using the "With Sharing" keyword.

https://trailhead.salesforce.com/modules/api_basics/units/api_basics_rest

We currently loginto trailhead using production credentials. If we launch workbench it goes into production org. Where does the exercise validation happen for this unit? Does it look into trail head org? or someother org? How to connect workbench to the org where validation happens?