[ https://issues.apache.org/jira/browse/OAK-8520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16900629#comment-16900629 ]
Alexander Klimetschek commented on OAK-8520: -------------------------------------------- IMO this should be classified as a bug and given a higher priority. The blob store implementation has to ensure the immutability of blobs and not wipe them out if applications (accidentally) call completeBinaryUpload() twice. AFACS {{completeBinaryUpload()}} should simply be an idempotent operation, returning the existing blob as {{Binary}} if called the 2nd (or 3rd, or 4th...) time with the same upload token. Then clients can safely retry their request that leads to the application code to call {{completeBinaryUpload() }}and try writing the same JCR structure. > [Direct Binary Access] Avoid overwriting existing binaries via direct binary > upload > ----------------------------------------------------------------------------------- > > Key: OAK-8520 > URL: https://issues.apache.org/jira/browse/OAK-8520 > Project: Jackrabbit Oak > Issue Type: Improvement > Components: blob-cloud, blob-cloud-azure, blob-plugins, doc > Reporter: Matt Ryan > Assignee: Matt Ryan > Priority: Major > > Since direct binary upload generates a unique blob ID for each upload, it is > generally impossible to overwrite any existing binary. However, if a client > issues the {{completeBinaryUpload()}} call more than one time with the same > upload token, it is possible to overwrite an existing binary. > One use case where this can happen is if a client call to complete the upload > times out. Lacking a successful return a client could assume that it needs > to repeat the call to complete the upload. If the binary was already > uploaded before, the subsequent call to complete the upload would have the > effect of overwriting the binary with new content generated from any > uncommitted uploaded blocks. In practice usually there are no uncommitted > blocks so this generates a zero-length binary. > There may be a use case for a zero-length binary so simply failing in such a > case is not sufficient. > One easy way to handle this would be to simply check for the existence of the > binary before completing the upload. This would have the effect of making > uploaded binaries un-modifiable by the client. In such a case the > implementation could throw an exception indicating that the binary already > exists and cannot be written again. -- This message was sent by Atlassian JIRA (v7.6.14#76016)