Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73162

Allow instant uploads of files which already exist in the file storage api

    XMLWordPrintable

Details

    Description

      This is an optimization that many file system clients such as dropbox and seafile do. If you are trying to upload a file and that file already exists and you can prove it securely, then we don't need to upload it we can just create the new metadata records and the "upload" is more or less instant.

      We can't do this at the php level but we should be able to do this at the JS level in various places in the repository upload plugin.

      Note that dropbox did have a security issue here in its original implementation which was based purely on the file hash, ie if you happened to know the hash of a file, then you can pretend you have the file, do a fake upload, and then download the new file and gain access to something you may not have had originally. From memory Dropbox was de-duplicating across all accounts so it was easy to leak files. There needs to be some security check where the client says 'I have this file with hash X and size Y' and the server picks a random part of the files and then says 'prove it by giving me the hash of this random chunk from A-B'. 

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            brendanheywood Brendan Heywood
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan, Matteo Scaramuccia, Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Matteo Scaramuccia, Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: