jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: BlobFactory (was Re: svn commit: r1401571 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api: BlobFactory.java Root.java)
Date Wed, 24 Oct 2012 11:32:09 GMT
Hi,

On Wed, Oct 24, 2012 at 12:30 PM, Angela Schreiber <anchela@adobe.com> wrote:
> - is the content ID of those binaries exposed somewhere?

IMO it shouldn't be exposed to clients.

> - is there an alternative way of accessing such an binary except
>   for regular property-access which was controlled by access control?

No, not beyond the session that created the binary.

> - how is the http-binding of such an binary?

A remote client should only be able to read a binary through the
containing property. The access controls on that property limit who
can access the binary.

> - how do we deal with binaries that are not associated with an
>   existing property? are they accessible somewhere/somehow? and if
>   so by whom?

Such binaries should only be accessible by the session that created them.

> - is there a way of searching the binary-store by other means that
>   executing a regular jcr/oak search on the content tree?

No.

> - can we prevent some sessions from writing to the binary-store
>   altogehter? if we can't what are the implications?

I guess we could, though I think the easiest way to do that would be
to have some special "upload binary" permission that's granted by
default but can be explicitly denied for a particular user or a
session.

> - is there way of reverting change made to the binary store without
>   having to wait for garbage collection? who would be in charge
>   of doing so? what was the interface to do that?

One could always trigger a new garbage collection run. Alternatively,
if we modify the MicroKernel API accordingly, it could be possible for
the backend implementation to tie new binaries to the sessions that
created them so that when the session is closed any binaries that
didn't get added to the content tree could be automatically released.

BR,

Jukka Zitting

Mime
View raw message