[ https://issues.apache.org/jira/browse/JCR-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13606193#comment-13606193 ]

angela commented on JCR-3534:
-----------------------------

i share jukka's concerns.

the way the permissions are extended is not acceptable from a security point
of view as it compromises the overall security of the system: while a given
property value was not accessible due to limited access to a given jcr
property it would become visible to a given session if the
'access-by-datastore-id' was turned on. this creates the exact same problem
we are currently having with the version store and removes the ability to
enforce access permissions on the binary values while at the same time the
binary values are most probably those that contain the most sensitive
information.

-1 for the patch.

we have to think about the security implications and address those in a
reasonable manner.
in particular accessing a binary by id should always allow to enforce the
permissions that were in place at the corresponding property.

in fact we discussed that in the oak project: 
http://markmail.org/message/5omo54jpue4si3e4?q=blobfactory


                
> Add JackrabbitSession.getValueByContentId method
> ------------------------------------------------
>
>                 Key: JCR-3534
>                 URL: https://issues.apache.org/jira/browse/JCR-3534
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-api, jackrabbit-core
>    Affects Versions: 2.6
>            Reporter: Felix Meschberger
>         Attachments: JCR-3534.patch
>
>
> we have a couple of use cases, where we would like to leverage the global 
> data store to prevent sending around and copying around large binary data 
> unnecessarily: We have two separate Jackrabbit instances configured to use 
> the same DataStore (for the sake of this discussion assume we have the 
> problems of concurrent access and garbage collection under control). When 
> sending content from one instance to the other instance we don't want to send 
> potentially large binary data (e.g. video files) if not needed.
> The idea is for the sender to just send the content identity from 
> JackrabbitValue.getContentIdentity(). The receiver would then check whether 
> such content already exists and would reuse it if so:
> String ci = contentIdentity_from_sender;
> try {
>     Value v = session.getValueByContentIdentity(ci);
>     Property p = targetNode.setProperty(propName, v);
> } catch (ItemNotFoundException ie) {
>     // unknown or invalid content Identity
> } catch (RepositoryException re) {
>     // some other exception
> }
> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) method 
> would allow for round tripping the JackrabbitValue.getContentIdentity() 
> preventing superfluous binary data copying and moving. 
> See also the dev@ thread 
> http://jackrabbit.markmail.org/thread/gedk5jsrp6offkhi

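The concern raised in the comment above, as an added example that is not part of the original message or of Jackrabbit: a toy in-memory model in which a lookup by content identity bypasses the read permission on the property, next to a variant that only returns the binary if the caller can read a property referencing it. All class, method and path names and the sample data are assumptions made for illustration; the checked variant is one possible reading of the requirement, not a design taken from the thread.

```java
import java.util.*;

// Toy model, not Jackrabbit code: every class and method name is hypothetical.
public class ContentIdAccessDemo {
    // Data store: content identity -> binary, shared by all properties.
    static final Map<String, byte[]> dataStore = new HashMap<>();
    // Property path -> content identity of its binary value.
    static final Map<String, String> properties = new HashMap<>();
    // Property path -> users granted read access (constructed sample ACL).
    static final Map<String, Set<String>> readers = new HashMap<>();

    static boolean canRead(String user, String path) {
        return readers.getOrDefault(path, Set.of()).contains(user);
    }

    // Lookup as criticised in the comment: knowing the identifier is enough,
    // the caller's identity is never consulted.
    static byte[] getByContentIdUnchecked(String user, String id) {
        return dataStore.get(id);
    }

    // Lookup that keeps property permissions: the caller must be able to read
    // at least one property that references the binary. A denied lookup is
    // reported like an unknown identifier, so existence is not disclosed.
    static byte[] getByContentIdChecked(String user, String id) {
        for (Map.Entry<String, String> p : properties.entrySet()) {
            if (p.getValue().equals(id) && canRead(user, p.getKey())) {
                return dataStore.get(id);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data: one binary, readable only by alice.
        String id = "dataStore:constructed-id-1";
        dataStore.put(id, "salary report".getBytes());
        properties.put("/hr/report/jcr:data", id);
        readers.put("/hr/report/jcr:data", Set.of("alice"));

        // bob cannot read the property but has learned the identifier.
        System.out.println("unchecked, bob:   " + (getByContentIdUnchecked("bob", id) != null));
        System.out.println("checked,   bob:   " + (getByContentIdChecked("bob", id) != null));
        System.out.println("checked,   alice: " + (getByContentIdChecked("alice", id) != null));
    }
}
```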