[
https://issues.apache.org/jira/browse/CMIS-1001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15584194#comment-15584194
]
Ron Gavlin commented on CMIS-1001:
----------------------------------
Per Florent's suggestion, I will address this issue by implementing support for
RFC 3230 HTTP Digest Header verification in the server. This is preferred since
Mime Header verification only supports multipart/form-data MIC and provides no
solution for application/x-www-form-urlencoded MIC.
> Parse Content-MD5 Mime Header and use it for validation if present
> ------------------------------------------------------------------
>
> Key: CMIS-1001
> URL: https://issues.apache.org/jira/browse/CMIS-1001
> Project: Chemistry
> Issue Type: Improvement
> Components: opencmis-server
> Affects Versions: OpenCMIS 1.0.0
> Reporter: Ron Gavlin
> Priority: Minor
>
> Sometimes content streams get corrupted over the wire. Content stream hashes
> are often used to protect against these corruptions.
> Apache Chemistry OpenCMIS should validate contentStream input to AtomPub and
> Browser Binding CMIS operations, including setContentStream,
> appendContentStream, checkIn, and createDocument, by comparing the content
> stream MD5 hash against a Content-MD5 MIME header if present. A CMIS
> invalidArgument exception should be thrown if the hashes are not equal.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
