[jira] Commented: (COUCHDB-558) Validate Content-MD5 request headers on uploads

Sun, 15 Nov 2009 16:12:13 -0800 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12778197#action_12778197
 ] 

Paul Joseph Davis commented on COUCHDB-558:
-------------------------------------------

Filipe, 

I see what you mean about the gen_tcp:recv() call. Though there are functions 
in mochiweb_multipart.erl that'll parse the headers. They might need a bit of 
generalization though. The most important part is the call to 
mochiweb_util:parse_header(Value). Although, looking at it, I don't detect how 
they do multiple line values which is most odd. I'd have to go back to the mime 
RFCs to figure out what's what on that end.

The comment on delaying the check aimed at the attachment API which streams 
data from the socket to disk. This patch will have to figure out how to make 
that streaming check the MD5 in a trailer without buffering requests. I'm not 
sure if there's a good way to sneak this into the mochiweb_request code, or if 
there's a way to sneak into the couchdb code for reading bodies or what. 
Ideally, it wouldn't require changing the attachment handling code because 
that'd mean we're probably doing it wrong. Ideally it should be part of the 
request interface so that we don't have to sprinkle MD5 validation throughout 
all request handlers.

That ETAP error is because the script isn't marked as executable. I'm pretty 
sure that won't pass through an SVN diff so I'll make that change with the -v 
flag which is generally why you want to run a single test at a time.



> Validate Content-MD5 request headers on uploads
> -----------------------------------------------
>
>                 Key: COUCHDB-558
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-558
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core, HTTP Interface
>            Reporter: Adam Kocoloski
>             Fix For: 0.11
>
>         Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, 
> jira-couchdb-558-for-trunk-3rd-try.patch, jira-couchdb-558-for-trunk.patch, 
> run.tpl.patch
>
>
> We could detect in-flight data corruption if a client sends a Content-MD5 
> header along with the data and Couch validates the MD5 on arrival.
> RFC1864 - The Content-MD5 Header Field
> http://www.faqs.org/rfcs/rfc1864.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to