Fak3
commented
7 years ago As a sidenote - amazon treats dot-dirs as regular dirs(keys). Probably it does not have a special meaning for double-dots either. This should be checked.
Open Fak3 opened 7 years ago
Fak3
commented
7 years ago As a sidenote - amazon treats dot-dirs as regular dirs(keys). Probably it does not have a special meaning for double-dots either. This should be checked.
We should keep and restrict all the data for any datapackage under the corresponding bitstore key (dir), in the subkeys (subdirs/files). So that malicious or careless user, uploading a datapackage resource will not ever overwrite any other datapackage's data or metadata. To achieve that we should forbid resource paths to refer to parent-directory with double-dots
../. This could be done when user callsauthorize_uploadapi, or even earlier, when she uploads datapackage metadata [?](unsure)see also: #188