Hi,

On 12.03.2013 at 15:02, Alexander Klimetschek wrote:

> On 12.03.2013, at 12:32, Felix Meschberger <fmesc...@adobe.com> wrote:
>
>> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) method
>> would allow for round tripping the JackrabbitValue.getContentIdentity()
>> preventing superfluous binary data copying and moving.
>
> The idea sounds good to me :-) (Disclaimer: discussed this with Felix f2f
> before)
>
>> Questions:
>>
>> (c) Can we and if yes, how can we control access ?
>
> It's a bit tricky, and I think the best way to do it is:
> - by default no access at all (getValueByContentIdentity() returns null aka
> not found)

I would prefer a SecurityException, but JCR has a notion of "no access looks the same as non-existing", so an ItemNotFoundException would probably be thrown in this case (due to JCR throwing an exception if something does not exist instead of just returning null).

> - have a special privilege for this feature, that you only want to enable for
> users that need this feature
> - because such a repository-wide optimization feature generally does require
> a user with wide permissions

+1

We could use a repository level permission like we have for workspace creation.

> - nice to have: avoid that the content ID is a hash of the binary, so that an
> attacker (who already got the above privilege) still cannot infer existence of
> a binary he knows; but then he might have enough read & write access already,
> as a user with that permission is likely to have broad rights, as for copying
> things over from one instance to another requires that

We don't do such "security by obscurity" things for regular path and node ID access. So we might not want to try it here. Rather we should provide proper access control on access.

>
>> (d) What else ?
>
> This is practically only about Binaries and the FileDataStore, but the
> JackrabbitValue.getContentIdentity() is generic across all value types. If
> there might be such a store for other properties in the future, the content
> id must uniquely identify that store (e.g. value type) as well.

I would expect such a content identity to be "globally unique" and internally handled by the repository such that roundtripping between getContentIdentity and getValueByContentIdentity can be guaranteed (provided access control allows for it).

Regards
Felix

>
> Cheers,
> Alex
>

--
Felix Meschberger | Principal Scientist | Adobe
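The round trip and access-control semantics discussed in this thread, sketched as an added Java example (not Jackrabbit's code and not part of the original mail). JackrabbitValue.getContentIdentity(), Session.getAccessControlManager(), Property.getBinary() and ValueFactory.createValue(Binary) are existing JCR/Jackrabbit APIs; getValueByContentIdentity(String) is only proposed in the thread, so it is stood in for by a hypothetical IdentityResolver hook. The privilege name rep:contentIdentityLookup is a placeholder, and checking a repository-level privilege with a null path is an assumption about the Jackrabbit extension, not something the thread states.

```java
import javax.jcr.Binary;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;

import org.apache.jackrabbit.api.JackrabbitValue;

/**
 * Illustration of the proposal in the thread: export a content identity on the
 * source side, resolve it on the target side behind a repository-level
 * privilege, and fall back to streaming the bytes when the round trip fails.
 * getValueByContentIdentity(String) does not exist as an API; the
 * IdentityResolver hook below stands in for it (hypothetical).
 */
public final class ContentIdentityRoundTrip {

    /** Placeholder privilege name gating the lookup (assumption, not a Jackrabbit privilege). */
    static final String CONTENT_IDENTITY_PRIVILEGE = "rep:contentIdentityLookup";

    private ContentIdentityRoundTrip() {}

    /** Hypothetical hook standing in for the proposed JackrabbitSession.getValueByContentIdentity(String). */
    public interface IdentityResolver {
        /** Returns the value stored under the identity, or null if the store has none. */
        Value resolve(String contentIdentity) throws RepositoryException;
    }

    /**
     * Source side: read the content identity of a (binary) property.
     * getContentIdentity() is a real Jackrabbit API and may return null when the
     * backing store cannot identify the value.
     */
    public static String exportContentIdentity(Session session, String absPath) throws RepositoryException {
        Property prop = session.getProperty(absPath);   // throws if unreadable: "no access" == "not found"
        Value value = prop.getValue();
        if (value instanceof JackrabbitValue) {
            return ((JackrabbitValue) value).getContentIdentity();
        }
        return null;                                    // not a Jackrabbit value, no identity available
    }

    /**
     * Target side, as proposed: default is no access; a missing privilege is
     * reported exactly like a missing value (ItemNotFoundException), never as a
     * SecurityException, so callers cannot distinguish the two cases.
     */
    public static Value lookupByContentIdentity(Session session, String contentIdentity, IdentityResolver resolver)
            throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        Privilege[] required = { acm.privilegeFromName(CONTENT_IDENTITY_PRIVILEGE) };
        // Assumption: a null path addresses repository-level privileges, as for workspace management.
        if (!acm.hasPrivileges(null, required)) {
            throw new ItemNotFoundException("no value for content identity");
        }
        Value v = resolver.resolve(contentIdentity);
        if (v == null) {
            throw new ItemNotFoundException("no value for content identity");
        }
        return v;
    }

    /**
     * Copy a binary property between two repositories. When the identity round
     * trips, no bytes are moved; otherwise the binary is streamed as today.
     */
    public static void copyBinary(Session src, String srcPropPath, Session dst, String dstNodePath,
                                  String dstPropName, IdentityResolver dstResolver) throws RepositoryException {
        Node target = dst.getNode(dstNodePath);
        Value value = null;
        String id = exportContentIdentity(src, srcPropPath);
        if (id != null) {
            try {
                value = lookupByContentIdentity(dst, id, dstResolver);  // cheap path: no data copy
            } catch (ItemNotFoundException notResolvable) {
                value = null;                                            // no privilege or unknown id
            }
        }
        if (value == null) {
            Binary bin = src.getProperty(srcPropPath).getBinary();       // slow path: stream the bytes
            try {
                value = dst.getValueFactory().createValue(bin);
            } finally {
                bin.dispose();                                           // release the stream resources
            }
        }
        target.setProperty(dstPropName, value);
    }
}
```

The point of collapsing "no privilege" and "unknown identity" into the same ItemNotFoundException is the JCR convention Felix refers to: a caller without the repository-level privilege learns nothing about whether a given identity is present in the target store, which is the existence-inference concern raised in the thread, handled by access control rather than by obscuring the identifier.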