chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ron Gavlin (JIRA)" <>
Subject [jira] [Commented] (CMIS-1001) Parse Content-MD5 Mime Header and use it for validation if present
Date Tue, 18 Oct 2016 02:28:58 GMT


Ron Gavlin commented on CMIS-1001:

Per Florent's suggestion, I will address this issue by implementing support for RFC 3230 HTTP
Digest Header verification in the server. This is preferred since Mime Header verification
only supports multipart/form-data MIC and provides no solution for application/x-www-form-urlencoded

> Parse Content-MD5 Mime Header and use it for validation if present
> ------------------------------------------------------------------
>                 Key: CMIS-1001
>                 URL:
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 1.0.0
>            Reporter: Ron Gavlin
>            Priority: Minor
> Sometimes content streams get corrupted over the wire. Content stream hashes are often
used to protect against these corruptions.
> Apache Chemistry OpenCMIS should validate contentStream input to AtomPub and Browser
Binding CMIS operations, including setContentStream, appendContentStream, checkIn, and createDocument,
by comparing the content stream MD5 hash against a Content-MD5 MIME header if present. A CMIS
invalidArgument exception should be thrown if the hashes are not equal.

This message was sent by Atlassian JIRA

View raw message