Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-8058

block access to .nexus/attributes files by default

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.11, 2.11.1
    • Fix Version/s: 2.11.2
    • Component/s: Repository
    • Labels:
      None
    • Sprint:
      Sprint 35

      Description

      Nexus stores attributes files under NEXUS_WORK/storage/<repoid>/.nexus/attributes/*

      Nexus allows GET requests to these JSON files.

      One use case where we have seen attributes file access add value is:

      Given a slow connection between Nexus A and B, and there is a very large file to proxy from B, one can check in a non-blocking manner the presence of the large file's attributes file in B by sending a GET request. This request is non-blocking because attributes files are not part of the UID lock for the large file. If the attributes file is present ( 200), this means the large file is ready to begin downloading from the remote. If the attributes file is 404, then one can assume the remote file is not ready to download.

      However, one should not normally need direct access to attributes files remotely. In Nexus 3, we could eventually provide a REST API to get attributes or determine in a non-blocking way if a large binary is ready to download.

      In the meantime, we are opting to disable downloading attributes file directly. There should be a system property to allow accessing those files though, for example in the use case above.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              plynch Peter Lynch
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title