[jira] Commented: (COUCHDB-558) Validate Content-MD5 request headers on uploads

Sun, 15 Nov 2009 10:14:04 -0800 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12778136#action_12778136
 ] 

Paul Joseph Davis commented on COUCHDB-558:
-------------------------------------------

Filipe,

This is looking much better. I dunno what I was thinking about the HandleReq 
earlier.

I definitely like the new approach to handling the trailiers and so on. Though, 
this feels like it should be part of mochiweb_request.erl and this code would 
just call a single function that would automatically do the trailer detection 
and parsing. Ideally it'd be mostly transparent to something like Req:body() as 
well.

The to_mochiweb_headers should probably use an existing mochiweb function for 
header parsing so that we can blame someone when its not right. I'm pretty sure 
that regexp would break with white space left of the colon and leaves 
whitespace after the value.

The update_req function looks pretty good at first pass. One of the benefits of 
pushing this upstream is that they'll review it as well to make sure we're not 
missing anything.


Hmmm. I just thought, if an attachment request comes in with a content-md5 
header, this patch is going to try and buffer that in RAM. That's obviously not 
good. To overcome that you'll need to push almost all of that logic into 
mochiweb_request.erl to do this properly. This means delaying md5 on chunked 
transfers until the trailers are read. Then as soon as you can check the md5, 
just throw that same exception.



> Validate Content-MD5 request headers on uploads
> -----------------------------------------------
>
>                 Key: COUCHDB-558
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-558
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core, HTTP Interface
>            Reporter: Adam Kocoloski
>             Fix For: 0.11
>
>         Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, 
> jira-couchdb-558-for-trunk-3rd-try.patch, jira-couchdb-558-for-trunk.patch
>
>
> We could detect in-flight data corruption if a client sends a Content-MD5 
> header along with the data and Couch validates the MD5 on arrival.
> RFC1864 - The Content-MD5 Header Field
> http://www.faqs.org/rfcs/rfc1864.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to