Return-Path: X-Original-To: apmail-jackrabbit-dev-archive@www.apache.org Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 77C81E5C5 for ; Fri, 15 Mar 2013 08:02:29 +0000 (UTC) Received: (qmail 53097 invoked by uid 500); 15 Mar 2013 08:02:29 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 53046 invoked by uid 500); 15 Mar 2013 08:02:29 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 53017 invoked by uid 99); 15 Mar 2013 08:02:28 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Mar 2013 08:02:28 +0000 X-ASF-Spam-Status: No, hits=-1.3 required=5.0 tests=FRT_ADOBE2,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of fmeschbe@adobe.com designates 64.18.1.191 as permitted sender) Received: from [64.18.1.191] (HELO exprod6og106.obsmtp.com) (64.18.1.191) by apache.org (qpsmtpd/0.29) with SMTP; Fri, 15 Mar 2013 08:02:21 +0000 Received: from outbound-smtp-2.corp.adobe.com ([193.104.215.16]) by exprod6ob106.postini.com ([64.18.5.12]) with SMTP ID DSNKUULVePDvwgAfCr69sxVwxkrRGBOpKL8b@postini.com; Fri, 15 Mar 2013 01:02:00 PDT Received: from inner-relay-1.corp.adobe.com (inner-relay-1.corp.adobe.com [153.32.1.51]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r2F81w2h023994 for ; Fri, 15 Mar 2013 01:01:59 -0700 (PDT) Received: from nacas03.corp.adobe.com (nacas03.corp.adobe.com [10.8.189.121]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r2F81vAV002637 for ; Fri, 15 Mar 2013 01:01:57 -0700 (PDT) Received: from eurcas01.eur.adobe.com (10.128.4.27) by nacas03.corp.adobe.com (10.8.189.121) with Microsoft SMTP Server (TLS) id 8.3.298.1; Fri, 15 Mar 2013 01:01:57 -0700 Received: from eurmbx01.eur.adobe.com ([10.128.4.32]) by eurcas01.eur.adobe.com ([10.128.4.27]) with mapi; Fri, 15 Mar 2013 08:01:56 +0000 From: Felix Meschberger To: "dev@jackrabbit.apache.org" Date: Fri, 15 Mar 2013 08:01:55 +0000 Subject: Re: Getting a value by its data identifier Thread-Topic: Getting a value by its data identifier Thread-Index: Ac4hU1wqux/WN4JHSVKOrbqfXsHnUg== Message-ID: References: <8F5B0586-FB96-4296-9310-576FFF0D30F8@adobe.com> <4C552DC4-C603-4409-8AFD-E9FB8909036B@adobe.com> In-Reply-To: <4C552DC4-C603-4409-8AFD-E9FB8909036B@adobe.com> Accept-Language: de-DE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: de-DE, en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org Hi, Am 12.03.2013 um 15:02 schrieb Alexander Klimetschek: > On 12.03.2013, at 12:32, Felix Meschberger wrote: >=20 >> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) me= thod would allow for round tripping the JackrabbitValue.getContentIdentity(= ) preventing superfluous binary data copying and moving. >=20 > The idea sounds good to me :-) (Disclaimer: discussed this with Felix f2f= before) >=20 >> Questions: >>=20 >> (c) Can we and if yes, how can we control access ? >=20 > It's a bit tricky, and I think the best way to do it is: > - by default no access at all (getValueByContentIdentity() returns null a= ka not found) I would prefer a SecurityException, but JCR has a notion of "no access look= s the same as non-existing", so an ItemNotFoundException would probably be = thrown in this case (due to JCR throwing an exception if something does not= exist instead of just returning null). > - have a special privilege for this feature, that you only want to enable= for users that need this feature > - because such a repository-wide optimization feature generally does requ= ire a user with wide permissions +1 We could use a repository level permission like we have to workspace creati= on. > - nice to have: avoid that the content ID is a hash of the binary, so tha= t an attacker (who already go the above privilege) still cannot infer exist= ence of a binary he knows; but then he might have enough read & write acces= s already, as a user with that permission is likely to have broad rights, a= s for copying things over from one instance to another requires that We don't do such "security by obscurity" things for regular path and node I= D acces. So we might not want to try it here. Rather we should provide prop= er access control on access. >=20 >> (d) What else ? >=20 > This is practically only about Binaries and the FileDataStore, but the Ja= ckrabbitValue.getContentIdentity() is generic across all value types. If th= ere might be such a store for other properties in the future, the content i= d must uniquely identify that store (e.g. value type) as well. I would expect such a content identity to be "globally unique" and internal= ly handled by the repository such that roundtripping between getContentIden= tity and getValueByContentIdentity can be guaranteed (provided access contr= ol allows for it. Regards Felix >=20 > Cheers, > Alex >=20 >=20 -- Felix Meschberger | Principal Scientist | Adobe