Florent Guillaume commented on CMIS-1001:

The patch also only deal with MD5 while the more recent {{Digest}} header 
defined by RFC 3230 allows the use of SHA-1 (and SHA-256 and SHA-512 through 
RFC 5843). It would be a shame to not take it into account.

> Parse Content-MD5 Mime Header and use it for validation if present
> ------------------------------------------------------------------
>                 Key: CMIS-1001
>                 URL: https://issues.apache.org/jira/browse/CMIS-1001
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 1.0.0
>            Reporter: Ron Gavlin
>            Priority: Minor
> Sometimes content streams get corrupted over the wire. Content stream hashes 
> are often used to protect against these corruptions.
> Apache Chemistry OpenCMIS should validate contentStream input to AtomPub and 
> Browser Binding CMIS operations, including setContentStream, 
> appendContentStream, checkIn, and createDocument, by comparing the content 
> stream MD5 hash against a Content-MD5 MIME header if present. A CMIS 
> invalidArgument exception should be thrown if the hashes are not equal.

This message was sent by Atlassian JIRA

Reply via email to