XML submission checksum #1122
XML submission checksum #1122
Conversation
Store the checksum of a submission XML and use it to compare when checking for changes/edits in the data.
ukanga
force-pushed
the
hash-xml-submission-check
branch
from
6f728bb to
180c4b9
Compare
onadata/libs/utils/logger_tools.py
Outdated
| @@ -279,10 +285,11 @@ def create_instance(username, | |||
| xml = xml_file.read() | |||
| xform = get_xform_from_submission(xml, username, uuid) | |||
| check_submission_permissions(request, xform) | |||
| checksum = md5(xml).hexdigest() | |||
There was a problem hiding this comment.
can we use sha256 here? I know we're not using it for something were collisions are a big deal right now, but since it's possible to construct collisions intentionally in md5 I'd prefer we do not use it anywhere
There was a problem hiding this comment.
I think for the functionality we want, sha256 might be an overkill, the collision will be limited to the single form when it does occur.
There was a problem hiding this comment.
Unless there's a big performance penalty, it's worth it to reduce the chance of collisions and because it's concerning that someone can intentionally create a colliding document if we use md5
onadata/libs/utils/logger_tools.py
Outdated
| @@ -297,7 +304,7 @@ def create_instance(username, | |||
| # has already been submitted for that user. | |||
| return DuplicateInstance() | |||
|
|
|||
| # get new and depracated uuid's | |||
| # get new and deprecated uuid's | |||
There was a problem hiding this comment.
while we're at it, UUIDs instead of uuid's, this is not a possessive
No description provided.