couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Joseph Davis (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-558) Validate Content-MD5 request headers on uploads
Date Sun, 15 Nov 2009 00:42:39 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12778031#action_12778031
] 

Paul Joseph Davis commented on COUCHDB-558:
-------------------------------------------

Filipe,

Overall it looks pretty good, but a couple points:

* We should probably be checking the Content-MD5 before we process the request.
* check_integrity should probably throw an error or return the body
* You should still be recording stats even when validation fails
* There are alot of variable assignments where they aren't necessary.
* keep lines less than 80 characters
* The perl in the JS test is ungood. Either paste it here, or better, use an Erlang test to
check.
* really_long_function_names_are_hard_to_read - The functions for trailers could be made more
generic.
* The check for Content-MD5 appears to be case sensitive
* get_has_from_trailer is weird... oh its an rstrip. There's probably a better way to do that.
Try referencing how Mochiweb parses its headers.

I think the idea is pretty solid. The only thing I'm a bit concerned about is the trailier
parsing. The current bits are a bit awkard. In a perfect world id prefer to see that as a
patch to mochiweb, but having it in CouchDB is fine if they rejected that patch or during
the time it takes to get into upstream.

Also, if you take the approach of having your hash matching function just throw an error that
will get caught by the try/catch around the HandleReq() call, it should simplify a whole lot
of this.

If none of that makes any sense let me know and I'll refactor the patch locally to try and
explain things more concretely.

> Validate Content-MD5 request headers on uploads
> -----------------------------------------------
>
>                 Key: COUCHDB-558
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-558
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core, HTTP Interface
>            Reporter: Adam Kocoloski
>             Fix For: 0.11
>
>         Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, jira-couchdb-558-for-trunk.patch
>
>
> We could detect in-flight data corruption if a client sends a Content-MD5 header along
with the data and Couch validates the MD5 on arrival.
> RFC1864 - The Content-MD5 Header Field
> http://www.faqs.org/rfcs/rfc1864.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message