couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Joseph Davis (JIRA)" <>
Subject [jira] Commented: (COUCHDB-558) Validate Content-MD5 request headers on uploads
Date Sun, 15 Nov 2009 18:13:39 GMT


Paul Joseph Davis commented on COUCHDB-558:


This is looking much better. I dunno what I was thinking about the HandleReq earlier.

I definitely like the new approach to handling the trailiers and so on. Though, this feels
like it should be part of mochiweb_request.erl and this code would just call a single function
that would automatically do the trailer detection and parsing. Ideally it'd be mostly transparent
to something like Req:body() as well.

The to_mochiweb_headers should probably use an existing mochiweb function for header parsing
so that we can blame someone when its not right. I'm pretty sure that regexp would break with
white space left of the colon and leaves whitespace after the value.

The update_req function looks pretty good at first pass. One of the benefits of pushing this
upstream is that they'll review it as well to make sure we're not missing anything.

Hmmm. I just thought, if an attachment request comes in with a content-md5 header, this patch
is going to try and buffer that in RAM. That's obviously not good. To overcome that you'll
need to push almost all of that logic into mochiweb_request.erl to do this properly. This
means delaying md5 on chunked transfers until the trailers are read. Then as soon as you can
check the md5, just throw that same exception.

> Validate Content-MD5 request headers on uploads
> -----------------------------------------------
>                 Key: COUCHDB-558
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core, HTTP Interface
>            Reporter: Adam Kocoloski
>             Fix For: 0.11
>         Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, jira-couchdb-558-for-trunk-3rd-try.patch,
> We could detect in-flight data corruption if a client sends a Content-MD5 header along
with the data and Couch validates the MD5 on arrival.
> RFC1864 - The Content-MD5 Header Field

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message