Dell DX6012S DX Object Storage Application Guide - Page 76
Basic Content Integrity Assurance
![]() |
View all Dell DX6012S manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 76 highlights
Chapter 20. Basic Content Integrity Assurance DX Storage provides some basic capabilities for allowing applications to obtain and validate integrity guarantees on the stored data. Integrity here means an independently verifiable guarantee that the data returned for a given name or UUID is exactly the same data that was stored using that name or UUID, perhaps many months or years in the past. This is done by hashing the data using a cryptographic hash algorithm; content metadata is not included in the hash. If the application stores the name or UUID and its associated hash value, these can be used later to verify the content has not changed, either through accidental or malicious means. 20.1. Integrity Seals An integrity seal is a URL containing an object's name or UUID, its hash value, and the type of hash algorithm that was used for the computations. An application can request an integrity seal when it performs a WRITE by including a hashtype query string as follows: POST http://company.cluster.com/?hashtype=md5 HTTP/1.1 Currently allowable hashtypes are md5, sha1, sha256, sha384, and sha512. After creating the object and assigning a name or UUID, DX Storage replies with a 201 (Created) response that includes a location header with a URL that can later be used to retrieve the data. In addition to the host and name or UUID, the URL includes the hash type and hash value computed from the content object. This URL, including the triple name or UUID, hash type, and hash, is referred to as the integrity seal of the content object. Following is an example of a complete integrity seal embedded in a Location header for an unnamed object. Location: http://129.69.251.143/41A140B5271DC8D22FF8D027176A0821? hashtype=md5&hash=7A25E6067904EAC8002498CF1AE33023 20.2. Validating Reads An integrity seal can be used in a subsequent READ request to validate the data stored in a DX Storage cluster (any cluster). By supplying the URL returned in the Location header from the WRITE request (perhaps replacing the host address if connected to a different cluster or node), the application can ask DX Storage to validate while reading the data. For example: GET http://129.69.251.143/41A140B5271DC8D22FF8D027176A0821?hashtype=md5& hash=7A25E6067904EAC8002498CF1AE33023 HTTP/1.1 Upon receiving such a READ request, DX Storage recomputes the hash of the stored content using the supplied hashtype and compares the computed hash with the hash value in the integrity seal. If the two values do not match, DX Storage send a 200 (OK) response but drops the connection prior to sending the object content. If, on the other hand, the content has not been modified or corrupted in any way, the hashes match and, in that case, DX Storage returns the object as usual with the computed digest as a trailing Location header. Because the hash algorithms are published and well-known, it is also possible for users and third parties to independently validate an object that has been stored by DX Storage. This can be done by reading its contents, computing the hash value, and comparing it with the hash value in the seal. By publishing an integrity seal at the time it is created one can even provide indisputable evidence Copyright © 2010 Caringo, Inc. All rights reserved 71 Version 5.0 December 2010
![](/manual_guide/products/dell-dx6000-dx-object-storage-application-guide-e2639a2/76.png)