launchpad-dev team mailing list archive

[Stuart Bishop <stuart.bishop@xxxxxxxxxxxxx>]

On Fri, Jul 30, 2010 at 5:35 PM, Julian Edwards
<julian.edwards@xxxxxxxxxxxxx> wrote:
> On Thursday 29 July 2010 17:50:35 Abel Deuring wrote:
>> On 29.07.2010 15:25, Aaron Bentley wrote:
>> > On 07/29/2010 07:52 AM, Abel Deuring wrote:
>> >> Hi Stuart,
>> >>
>> >> I am currently working on
>> >> https://bugs.edge.launchpad.net/malone/+bug/39674 (Attachments of
>> >> private bugreports are public). This involves of course to set the
>> >> attribute LFA.restricted to True for private bugs.
>> >>
>> >> My first idea was to simply set the restricted flag of all LFAs of
>> >> BugAttachments of a bug in the method Bug.setPrivate().
>> >>
>> >> But a comment from Robert in
>> >> https://code.edge.launchpad.net/~adeuring/launchpad/bug-39674-lfa-editab
>> >> le/+merge/29314 let me think again if we should enforce the consistency
>> >> of
>> >> LFA.restricted and Bug.private on the database level.
>> >
>> > Another option is to just make all bug attachments restricted, and let
>> > the bug provide access to the attachments as appropriate.  This is the
>> > approach we used with merge proposal diffs.
>>
>> Right. But I am not sure if we really want to serve files with a size
>> of, let's say, 5MB via StreamOrRedirectLibraryFileAliasView.__call__()
>> if the content is public.
>
> Didn't Rob just fix that problem?  He said he'd done a patch that involves
> token passing instead of redirecting the whole file via a webapp.

Robert is still working on it.

Assuming no major hiccups, Launchpad will no longer need to proxy
restricted files. Instead, they can be accessed as
https://launchpadlibrarian.net/123/456/file.txt?token=abc123. The
token will expire after a time, at which point the librarian will
redirect requests back to the appserver for a new token. So restricted
files will be publicly accessible if the URL + token is leaked, but
only for a limited time.


-- 
Stuart Bishop <stuart@xxxxxxxxxxxxxxxx>
http://www.stuartbishop.net/