Need to check for SHA-1 collision when generating filenames for attachments.
Bug #1185342 reported by
Daniel Hammerschmidt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
Confirmed
|
Wishlist
|
OpenERP's Framework R&D |
Bug Description
If we store attachments (ir.attachment) in the filesystem the physical filename is generated from the SHA-1 hash of the files content. This is good if we save attachments with the same (binary) content to save space.
But SHA-1 is not collision free. So, two different files could have the same hash. Nobody detected a SHA-1 collision yet, AFAIK. Probably this would never happen. But if it happens assuredly we overwrite a very important document with an unimportant ad.
I added some code to check for and handle this case. Please take a look.
description: | updated |
Changed in openobject-server: | |
assignee: | nobody → OpenERP's Framework R&D (openerp-dev-framework) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
To post a comment you must log in.