You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Filipe David Manana <fd...@apache.org> on 2010/08/28 20:38:01 UTC
Re: security & attachments & replication & hashing
Hi Samuel,
Exposing the md5 hash in attachment properties is more or less
trivial, but not yet done. Ticket 687 was more or less forgotten
(nobody else asked for the feature or commented on it).
Please, leave your comment there and/or vote for it.
I'll implement it if nobody else has votes against the feature.
Thanks for "resurrecting" the ticket.
As for the MITM attacks in replication, I don't think that exposing an
hash/digest would prevent them, as an attacker could inject his own
hashes/digests. I think the way to go is through SSL (although not
perfect of course).
cheers
On Sat, Aug 28, 2010 at 2:42 AM, sgoto <sa...@gmail.com> wrote:
>
> hi couchdb-users,
> do we have any plans on implementing sha1/md5 hashing of attachments and sending it to validate_doc_update ? how are developers validating couchdb attachments these days (eg MITM attacks on replication) ?
> filipe implemented this recently
> http://svn.apache.org/viewvc?view=revision&revision=891077
> and this seems to have been filed too
> https://issues.apache.org/jira/browse/COUCHDB-687
> i was wondering if this is already available for me to use or if extra work needs to be done. ideas ?
> cheers, sam
> PS this is more of a dev@couchdb question, but i'm having problems posting to the group and emails bouncing back. anyone else having issues ?
> --
> f u cn rd ths u cn b a gd prgmr !
--
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org
"Reasonable men adapt themselves to the world.
Unreasonable men adapt the world to themselves.
That's why all progress depends on unreasonable men."
Re: security & attachments & replication & hashing
Posted by "Eli Stevens (Gmail)" <wi...@gmail.com>.
On Sat, Aug 28, 2010 at 11:38 AM, Filipe David Manana
<fd...@apache.org> wrote:
> Exposing the md5 hash in attachment properties is more or less
> trivial, but not yet done. Ticket 687 was more or less forgotten
> (nobody else asked for the feature or commented on it).
>
> Please, leave your comment there and/or vote for it.
> I'll implement it if nobody else has votes against the feature.
>
> Thanks for "resurrecting" the ticket.
I would find having an md5 sum of the uncompressed data present in the
_attachments info to be very useful (I just found and voted for the
ticket).
Just lending my vocal support for the idea, since there didn't seem to
be much already. :)
Eli