Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73162

Allow instant uploads of files which already exist in the file storage api




      This is an optimization that many file system clients such as dropbox and seafile do. If you are trying to upload a file and that file already exists and you can prove it securely, then we don't need to upload it we can just create the new metadata records and the "upload" is more or less instant.

      We can't do this at the php level but we should be able to do this at the JS level in various places in the repository upload plugin.

      Note that dropbox did have a security issue here in its original implementation which was based purely on the file hash, ie if you happened to know the hash of a file, then you can pretend you have the file, do a fake upload, and then download the new file and gain access to something you may not have had originally. From memory Dropbox was de-duplicating across all accounts so it was easy to leak files. There needs to be some security check where the client says 'I have this file with hash X and size Y' and the server picks a random part of the files and then says 'prove it by giving me the hash of this random chunk from A-B'. 





            Unassigned Unassigned
            brendanheywood Brendan Heywood
            1 Vote for this issue
            4 Start watching this issue