[
https://issues.apache.org/jira/browse/FINERACT-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067845#comment-18067845
]
Aleksandar Vidakovic commented on FINERACT-2485:
------------------------------------------------
Thanks for adding the additional infos [~saifulhuq]... adding some minor
details:
- let's avoid JPA altogether; I think implicitly that's clear anyway by using
INSERT ON CONFLICT, just wanted to emphasize this again; JPA has no benefit
here
- [~saifulhuq] said already that the implementation must be independent of
CommandSource; as for the CommandHasher: the interface might maybe look like
"CommandHasher<T>" where T is either "CommandSource" or "Command" (latter are
the new mechanics); that way we can use the same implementation in both
command processing mechanics; we'll certainly have to live a bit longer with
the 2 processing mechanics until everything is migrated
> [GSoC 2026] [POC] Standardize and Harden Transaction Idempotency for Savings
> and Loans
> --------------------------------------------------------------------------------------
>
> Key: FINERACT-2485
> URL: https://issues.apache.org/jira/browse/FINERACT-2485
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: saifulhuq
> Priority: Major
> Labels: poc, security
>
> *Goal:* Standardize idempotency enforcement to prevent replay attacks in core
> financial modules. *Implementation Strategy (Addressing James Dailey's
> feedback):*
> # *Opt-In Architecture:* New logic will be behind a Global Configuration
> flag. Default remains legacy behavior to ensure 100% backward compatibility.
> # *Phased Approach:* Audit existing {{m_portfolio_command_source}} usage and
> bridge gaps in the Savings module first.
> # *Testing:* Implementation of integration tests simulating network
> failures/retries.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
