Hi Samuel, Exposing the md5 hash in attachment properties is more or less trivial, but not yet done. Ticket 687 was more or less forgotten (nobody else asked for the feature or commented on it).
Please, leave your comment there and/or vote for it. I'll implement it if nobody else has votes against the feature. Thanks for "resurrecting" the ticket. As for the MITM attacks in replication, I don't think that exposing an hash/digest would prevent them, as an attacker could inject his own hashes/digests. I think the way to go is through SSL (although not perfect of course). cheers On Sat, Aug 28, 2010 at 2:42 AM, sgoto <[email protected]> wrote: > > hi couchdb-users, > do we have any plans on implementing sha1/md5 hashing of attachments and > sending it to validate_doc_update ? how are developers validating couchdb > attachments these days (eg MITM attacks on replication) ? > filipe implemented this recently > http://svn.apache.org/viewvc?view=revision&revision=891077 > and this seems to have been filed too > https://issues.apache.org/jira/browse/COUCHDB-687 > i was wondering if this is already available for me to use or if extra > work needs to be done. ideas ? > cheers, sam > PS this is more of a d...@couchdb question, but i'm having problems > posting to the group and emails bouncing back. anyone else having issues ? > -- > f u cn rd ths u cn b a gd prgmr ! -- Filipe David Manana, [email protected], [email protected] "Reasonable men adapt themselves to the world. Unreasonable men adapt the world to themselves. That's why all progress depends on unreasonable men."
