couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Joseph Davis (JIRA)" <>
Subject [jira] Commented: (COUCHDB-558) Validate Content-MD5 request headers on uploads
Date Mon, 16 Nov 2009 00:11:48 GMT


Paul Joseph Davis commented on COUCHDB-558:


I see what you mean about the gen_tcp:recv() call. Though there are functions in mochiweb_multipart.erl
that'll parse the headers. They might need a bit of generalization though. The most important
part is the call to mochiweb_util:parse_header(Value). Although, looking at it, I don't detect
how they do multiple line values which is most odd. I'd have to go back to the mime RFCs to
figure out what's what on that end.

The comment on delaying the check aimed at the attachment API which streams data from the
socket to disk. This patch will have to figure out how to make that streaming check the MD5
in a trailer without buffering requests. I'm not sure if there's a good way to sneak this
into the mochiweb_request code, or if there's a way to sneak into the couchdb code for reading
bodies or what. Ideally, it wouldn't require changing the attachment handling code because
that'd mean we're probably doing it wrong. Ideally it should be part of the request interface
so that we don't have to sprinkle MD5 validation throughout all request handlers.

That ETAP error is because the script isn't marked as executable. I'm pretty sure that won't
pass through an SVN diff so I'll make that change with the -v flag which is generally why
you want to run a single test at a time.

> Validate Content-MD5 request headers on uploads
> -----------------------------------------------
>                 Key: COUCHDB-558
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core, HTTP Interface
>            Reporter: Adam Kocoloski
>             Fix For: 0.11
>         Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, jira-couchdb-558-for-trunk-3rd-try.patch,
jira-couchdb-558-for-trunk.patch, run.tpl.patch
> We could detect in-flight data corruption if a client sends a Content-MD5 header along
with the data and Couch validates the MD5 on arrival.
> RFC1864 - The Content-MD5 Header Field

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message