It's currently possible to override any existing file if you know it's id.
If you start an upload (eg. with the http-fallback) the old file gets overwritten imediatly.
It's possible to fix this by adding a check for existing files in onBeforeUpload (on the server),
but i think we should do a "security first" approach and do this for the user.
Maybe we should also not rely on the id that the user provides. We could probably use the first request that initiates the upload to create a new document on the server and return the id of that document. The following requests would then upload the chunks.
Thoughts?
It's currently possible to override any existing file if you know it's id.
If you start an upload (eg. with the http-fallback) the old file gets overwritten imediatly.
It's possible to fix this by adding a check for existing files in
onBeforeUpload(on the server),but i think we should do a "security first" approach and do this for the user.
Maybe we should also not rely on the id that the user provides. We could probably use the first request that initiates the upload to create a new document on the server and return the id of that document. The following requests would then upload the chunks.
Thoughts?