We should keep and restrict all the data for any datapackage under the corresponding bitstore key (dir), in the subkeys (subdirs/files), so that a malicious or careless user uploading a datapackage resource will never overwrite any other datapackage's data or metadata.
To achieve that, we should forbid resource paths from referring to the parent directory with double dots (../). On the client, it could be checked during the datapackage validation.
See also the same server-side restriction: openknowledge-archive/dpr-api#189
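One way the client-side check proposed above could look during datapackage validation. This is an added example, not code from the dpr client or dpr-api: the function names `check_resource_path` and `validate_descriptor`, the `owner/demo` bitstore key and the sample descriptor are assumptions made for illustration, as is the choice to skip http(s) resources.

```python
import posixpath
from urllib.parse import urlparse


def check_resource_path(path, package_prefix):
    """Return a rejection reason for one resource path, or None if it is safe."""
    if not isinstance(path, str) or not path:
        return "empty or non-string path"
    # Assumption: http(s) resources are remote and never written to the bitstore.
    if urlparse(path).scheme in ("http", "https"):
        return None
    norm = path.replace("\\", "/")  # count Windows separators as separators too
    if norm.startswith("/"):
        return "absolute path"
    if ".." in norm.split("/"):  # compare whole segments, not substrings
        return "parent-directory segment"
    # Defence in depth: the normalised key must still sit under the package key.
    prefix = package_prefix.rstrip("/") + "/"
    key = posixpath.normpath(posixpath.join(prefix, norm))
    if not key.startswith(prefix):
        return "resolves outside the package key"
    return None


def validate_descriptor(descriptor, package_prefix):
    """Return (resource name, path, reason) for every rejected resource path."""
    errors = []
    for resource in descriptor.get("resources", []):
        paths = resource.get("path", [])
        if not isinstance(paths, list):  # a resource may list several paths
            paths = [paths]
        for path in paths:
            reason = check_resource_path(path, package_prefix)
            if reason:
                errors.append((resource.get("name"), path, reason))
    return errors


# Constructed sample descriptor and bitstore key, for illustration only.
SAMPLE = {"name": "demo", "resources": [
    {"name": "ok", "path": "data/prices.csv"},
    {"name": "dots-in-name", "path": "data/..prices.csv"},
    {"name": "remote", "path": "https://example.com/prices.csv"},
    {"name": "parent", "path": "../other-package/datapackage.json"},
    {"name": "nested", "path": "data/../../other-package/data.csv"},
    {"name": "backslash", "path": "..\\other-package\\data.csv"},
    {"name": "absolute", "path": "/other-owner/other-package/data.csv"},
]}

if __name__ == "__main__":
    for name, path, reason in validate_descriptor(SAMPLE, "owner/demo"):
        print(f"{name}: {path!r} rejected ({reason})")
```

Matching on whole path segments keeps a file name such as `data/..prices.csv` valid, while the final normalisation check catches anything that still resolves to the package key itself or outside it.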