couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <robert.new...@gmail.com>
Subject Re: SHA-1 checksum validation on attachments
Date Thu, 03 Feb 2011 16:10:10 GMT
CouchDB can already do this. If you supply a Content-MD5 request
header when uploading an attachment, CouchDB will reject the write if
it calculates a different MD5 than the one you supplied.

B.


B.

On Thu, Feb 3, 2011 at 3:24 PM, Paul Hirst <paul.hirst@sophos.com> wrote:
> I'm thinking of storing files in couch. I would probably create a document like
> {
>    _id : "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd",
>    md5  : "aaaaaaaaaabbbbbbbbbbccccccccccdd",
>    size : 10345662,
> }
> to store the basic metadata about the file. The _id would be the SHA-1 checksum of the
file and the MD5 and size in bytes would be the other fields in the document.
>
> Then I would attach the actual file as an attachment to this document.
>
> What I'm wondering if if there is any way to valid the checksums are correct. Ideally
couch would run a validation function which would checksum the attachment and refuse the upload
if it doesn't match the recorded md5, sha1 and size. Is there any way to achieve this?
>
> I'm thinking that a fallback measure which might be almost as good would be to have a
daemon which watches _changes and checks any new attachment to make sure they are correct.
If they aren't it could flag it up somehow and a human can take some action. I'm only trying
to protect against system bugs, not malicious intent.
>
> Any thoughts would be gratefully received.
> ________________________________
> Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
> Company Reg No 2096520. VAT Reg No GB 991 2418 08.
>

Mime
View raw message