Output of rest-server --version

Master as of 9 Aug 2021 (d39bc8e6cffd76534a674f3706cbee2e150b080d).

What should rest-server do differently?

As mentioned in https://github.com/restic/rest-server/pull/130#issuecomment-753966573, rest-server should write new blobs to a temporary file and atomically move them to the right filename if the write succeeds and the sha256sum checks out.

Right now it is possible to end up with a corrupt file:

- The server could crash while writing the file.
- A client controlled by an attacker can keep the connection open and never actually finish writing the file, never triggering the sha256sum check.

If append-only mode is enabled, there is also no way for the client to rewrite the file to correct it.

In order to actually guarantee integrity, data should always be written to a temporary file, which is atomically moved in place once the entire file has been written and its hash verified.

Related to PR #130.

What are you trying to do? What is your use case?

Not lose data.

Did rest-server help you today? Did it make you happy in any way?

Has not lost data yet.
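The write-to-temp, verify, then rename pattern the issue asks for, as an added Go example (not rest-server's own code; saveBlobAtomically is a hypothetical name). It assumes, as in restic's repository layout, that a blob's final filename is the hex SHA-256 of its content, so a truncated upload, a server crash or a bad hash can only ever leave a stray temp file, never a corrupt blob at the final name.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// saveBlobAtomically streams r into a temp file in dir, checks its SHA-256 against
// wantHex and only then renames it to dir/wantHex; on any failure the final name is untouched.
func saveBlobAtomically(dir, wantHex string, r io.Reader) (err error) {
	tmp, err := os.CreateTemp(dir, "."+wantHex+".tmp-*") // same directory, so rename is atomic
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // any failure: discard the temp file, never expose partial data
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	h := sha256.New()
	if _, err = io.Copy(io.MultiWriter(tmp, h), r); err != nil { // client error or disconnect
		return err
	}
	if got := hex.EncodeToString(h.Sum(nil)); got != wantHex {
		return fmt.Errorf("sha256 mismatch: want %s, got %s", wantHex, got)
	}
	if err = tmp.Sync(); err == nil { // make the data durable before it becomes visible
		err = tmp.Close()
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), filepath.Join(dir, wantHex))
}

func main() {
	dir, _ := os.MkdirTemp("", "blobs")
	defer os.RemoveAll(dir)
	data := []byte("constructed blob content") // constructed sample, not a real restic pack
	sum := sha256.Sum256(data)
	fmt.Println("full upload:", saveBlobAtomically(dir, hex.EncodeToString(sum[:]), bytes.NewReader(data)))
	// a client that stops after 5 bytes: the hash check fails and nothing lands at the final name
	fmt.Println("truncated upload:", saveBlobAtomically(dir, hex.EncodeToString(sum[:]), io.LimitReader(bytes.NewReader(data), 5)))
}
```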