We should keep and restrict all the data for any datapackage under the corresponding bitstore key (dir), in the subkeys (subdirs/files). So that malicious or careless user, uploading a datapackage resource will not ever overwrite any other datapackage's data or metadata.
To achieve that we should forbid resource paths to refer to parent-directory with double-dots ../. This could be done when user calls authorize_upload api, or even earlier, when she uploads datapackage metadata [?](unsure)
As a sidenote - amazon treats dot-dirs as regular dirs(keys). Probably it does not have a special meaning for double-dots either. This should be checked.
We should keep and restrict all the data for any datapackage under the corresponding bitstore key (dir), in the subkeys (subdirs/files). So that malicious or careless user, uploading a datapackage resource will not ever overwrite any other datapackage's data or metadata. To achieve that we should forbid resource paths to refer to parent-directory with double-dots
../
. This could be done when user callsauthorize_upload
api, or even earlier, when she uploads datapackage metadata [?](unsure)see also: #188