Hi everyone,

One thing I noticed in the S3 datastore while working on the direct binary
access: it seems as if binaries added via InputStream might get uploaded before 
a session.save(). That might be because the upload happens (by default) 
asynchronously in the S3 DS, and that pool is filled right when the binary 
(Blob) is added, but before it gets persisted.

That might be ok, but the problem is that the AC check only happens during 
session.save(). IIUC, that means an anonymous session could upload binaries 
into the S3.

I saw the behavior while testing on the 1.8 branch. The code was very 
complicated to follow because of the asynchronous nature, so maybe I am missing 
something, such as a "cancel upload" upon failure of the session.save().

On a related note, it also seemed impossible to disable the async upload. 
Apparently setting stagingSplitPercentage = 0 should disable it (which is a bit 
of an unintuitive name if you ask me) but it did not work for me.

Please excuse me if this has been fixed in trunk; I didn't have the chance to test
this there.

Cheers,
Alex
