[
https://issues.apache.org/jira/browse/JCR-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13640409#comment-13640409
]
Jukka Zitting commented on JCR-3534:
------------------------------------
> Well, we wanted to make it secure, right?
The main security threat at least as discussed above was to prevent someone
form accessing the contents or checking for the existence of a binary based on
its identifier (which can be predictable). The HMAC already protects against
that, as it guarantees that the client already has another way to access the
binary. Otherwise it couldn't have acquired a HMAC signed by the underlying
data store.
Is there some other attack vector that I'm missing?
> Expiry: this is to avoid reply attacks.
I'm not sure I follow. Who's the attacker and what does an expiry value prevent
them from doing?
> Without it, the message would no longer have the meaning of "you have access
> to this binary" but it would sometimes mean "this is the data".
I don't see a problem with that. Currently that's what the client is in any
case doing, copying the data from one repository to another. The proposed
feature here is just an optimization to that case, so it shouldn't be a problem
if in some cases the feature ends up copying the data instead of just a signed
identifier. In fact for small binaries the whole HMAC/identifier mechanism
could simply be skipped, as the data could just as well be directly copied
without notable extra overhead.
> Add JackrabbitSession.getValueByContentId method
> ------------------------------------------------
>
> Key: JCR-3534
> URL: https://issues.apache.org/jira/browse/JCR-3534
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-api, jackrabbit-core
> Affects Versions: 2.6
> Reporter: Felix Meschberger
> Attachments: JCR-3534.patch
>
>
> we have a couple of use cases, where we would like to leverage the global
> data store to prevent sending around and copying around large binary data
> unnecessarily: We have two separate Jackrabbit instances configured to use
> the same DataStore (for the sake of this discussion assume we have the
> problems of concurrent access and garbage collection under control). When
> sending content from one instance to the other instance we don't want to send
> potentially large binary data (e.g. video files) if not needed.
> The idea is for the sender to just send the content identity from
> JackrabbitValue.getContentIdentity(). The receiver would then check whether
> the such content already exists and would reuse if so:
> String ci = contentIdentity_from_sender;
> try {
> Value v = session.getValueByContentIdentity(ci);
> Property p = targetNode.setProperty(propName, v);
> } catch (ItemNotFoundException ie) {
> // unknown or invalid content Identity
> } catch (RepositoryException re) {
> // some other exception
> }
> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) method
> would allow for round tripping the JackrabbitValue.getContentIdentity()
> preventing superfluous binary data copying and moving.
> See also the dev@ thread
> http://jackrabbit.markmail.org/thread/gedk5jsrp6offkhi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
