jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Deparvu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-7570) [DirectBinaryAccess][DISCUSS] Client access via DataStoreBlobStore directly
Date Mon, 02 Jul 2018 11:45:00 GMT

    [ https://issues.apache.org/jira/browse/OAK-7570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16529750#comment-16529750
] 

Alex Deparvu commented on OAK-7570:
-----------------------------------

bq. Also using an arbitrary property that can be chosen by the caller as a proxy for access
control to the blob store doesn't seem right to me. AFAIK Oak's access control model is powerful
enough to address this by adding proper permission checks. angela, Alex Deparvu, could you
please help sorting this aspect out?

With a very limited view on the current patch and after having a chat with [~mduerig] I think
this part should be taken on as a dedicated issue not as a side note on an unrelated patch.
The current behavior even if problematic has been there since the beginning and it deserves
a proper analysis and fix, there may be other entry points into binary creation and all of
them must be protected.

> [DirectBinaryAccess][DISCUSS] Client access via DataStoreBlobStore directly
> ---------------------------------------------------------------------------
>
>                 Key: OAK-7570
>                 URL: https://issues.apache.org/jira/browse/OAK-7570
>             Project: Jackrabbit Oak
>          Issue Type: Technical task
>          Components: blob-plugins
>            Reporter: Matt Ryan
>            Assignee: Matt Ryan
>            Priority: Major
>
> Open discussion related to OAK-7569:
> The [original pull request|https://github.com/apache/jackrabbit-oak/pull/88] proposes
changes to oak-api, oak-segment-tar, oak-store-document, oak-core, and oak-jcr as well as
oak-blob-plugins, oak-blob-cloud, and oak-blob-azure.  Would it be possible / better to keep
the changes local to the oak-blob-* bundles and avoid making changes throughout the stack?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message