-
Notifications
You must be signed in to change notification settings - Fork 545
CacheKey string is not sanitized #97
Comments
We could implement some kind of hash function but this would lead to a read/write overhead. |
I agree with gcacace, the cachekey, when converted to String should be Thanks for reporting that bug. S. 2013/5/15 Riccardo Ciovati [email protected]
Stéphane NICOLAS, |
This is definitively needed, as for example, in our app, the cacheKey would be part of an URL, and right now it seems that searchrequest-URL-parts seem to be ivnalid as filenames (and I don't know why, yet), so they don't ever get cached (which is not a big problem, since they are supposed to be cached max for 15m). |
How about using UrlQuerySanitizer? It is a utility class provided by android sdk. |
@mdumrauf I think that this way of sanitization can produce collisions (for example, what happens when I'm using "cache/key" and "cache_key"? Maybe a simple chars replacement it's not enough to guarantee an unique association between cacheKey and the real filename on disk. A hybrid way can be to use a string sanitizer with a hash (SHA1 or MD5) appended in the filename (example: sanitized_cache_key_b7dba5a1bc3605a87b59ac8147512c97) |
+1 for gcacace. I just read this : And I would Aldo favor a SHA-1 encoded cache key. Thought, this should be This should be released pretty soon. If any one is interested to contribute this feature plus tests, that would We are still recruiting... Thx all for this collective problem solving.
|
Totally agree with you @gcacace. 👍 |
Hi All, I would like to contribute to this feature. What do you guys think about something like: FILE_NAME = (SANITIZE(KEY) + HASH(KEY)) This would avoid conflicts since the HASH(KEY) portion of the file name would generate different suffixes even though the sanitized prefix is the same!? |
@stephanenicolas what do you think about my proposal above? |
Quite a good idea. :) I understand that it would allow a more readable cache_key that just using a hash. If they become readable this way, then it could not be optional. Do you want to do it by your self (fork, code, test, pull request ) ? //com.octo.android.robospice.persistence.file.InFileObjectPersister<T> : line 110
public File getCacheFile(Object cacheKey) {
return new File(getCacheFolder(), getCachePrefix() + cacheKey.toString());
} We should only make the change for file based ObjectPersisters and not interact with DataBase or InMemory persisters. |
Will do. You'll receive a pull request soon :) |
Eager to :) |
@stephanenicolas I have found a small issue and wanted some insight from you on a possible solution: If we follow the approach discussed above, CacheManager.getAllCacheKeys() will return sanitized keys which might not match the expectations (knows keys) of the caller. All other APIs seem to work fine since we sanitize the keys on the way into the InFilePersisters but since after sanitizing it does no longer remember the dirty cache key it can not return the user expected set of keys. Thoughts? |
The only solutions are :
I would prefer a bijection, but is that possible ? |
@stephanenicolas another thought would be use BASE 64 FILE name safe (http://developer.android.com/reference/android/util/Base64.html#URL_SAFE) This would get us a reversible key name: FILE_NAME = BASE64(KEY); What do you think? |
That's fine for me. This should be optionally set at the SpiceService level. The implementation should check if SDK is > 8 as Base64 is not available under this SDK. An other option is to include our own base 64 impl, such implementations are available on the net. RS is still compatible with SDK 1.6, but it tends to be old now. |
@stephanenicolas http://developer.android.com/reference/android/util/Base64.html is available on API level 8 as well. Is API 8 the minimun we need to support? If so we should be fine with the android default BASE64 API and IMHO compromising the usage of the android APIs in ordert to support API < 8 does not worth it since it is such a small portion of the user base? |
Wiki has been updated to include that feature. Testers are welcome, issue is closed. |
The DefaultKeySanitizer.java implements a base64 encoding that, in some conditions, could fail because the filename is too long:
|
Do you have any working workaround ? S. 2014-04-01 13:00 GMT+02:00 gcacace [email protected]:
|
There is no sanitization of cacheKey string when is used as filename: using special chars, the filename may be invalid, so no cache is written on disk.
The text was updated successfully, but these errors were encountered: