Odoo Server (MOVED TO GITHUB)

Need to check for SHA-1 collision when generating filenames for attachments.

Bug #1185342 reported by Daniel Hammerschmidt on 2013-05-29

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Odoo Server (MOVED TO GITHUB)	Confirmed	Wishlist	OpenERP's Framework R&D

Bug Description

If we store attachments (ir.attachment) in the filesystem the physical filename is generated from the SHA-1 hash of the files content. This is good if we save attachments with the same (binary) content to save space.

But SHA-1 is not collision free. So, two different files could have the same hash. Nobody detected a SHA-1 collision yet, AFAIK. Probably this would never happen. But if it happens assuredly we overwrite a very important document with an unimportant ad.

I added some code to check for and handle this case. Please take a look.

See original description

Related branches

lp:~openerp-community/openobject-server/7.0-server-check_for_sha1_collision-redneck

Daniel Hammerschmidt (redneck) on 2013-05-29

description:

updated

Twinkle Christian(OpenERP) (tch-openerp) on 2013-07-19

Changed in openobject-server:
assignee:	nobody → OpenERP's Framework R&D (openerp-dev-framework)
importance:	Undecided → Wishlist
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.