Database Reference
In-Depth Information
will drastically (and noticeably) change the signature. This signature is used for two
reasons: security and integrity. For security, if you know what the MD5 hash is supposed
to be and you trust the source (perhaps a friend gave it to you), then you can be assured
that the file has not been altered if the hash (often called the
checksum
) is correct. This
also ensures that the file integrity has been maintained and that no data has been lost or
damaged. The MD5 hash of a particular file acts like a fingerprint for a file. The hash can
be also used to identify files that have different filenames but have the same contents.
â–
The MD5 algorithm is no longer considered secure, and it has been
demonstrated that it is possible to create two different files that have the same MD5
checksum, even though their contents are different. In cryptographic terms, this is called a
collision
. Such collisions are bad because they mean it is possible for an attacker to alter
a file in such a way that it cannot be detected. This caveat remains somewhat theoretical
because a great deal of effort and time would be required to create such collisions
intentionally; and even then, the files could be so different as to be obviously not the same
file. For this reason, MD5 is still the preferred method of determining file integrity because it
is so widely supported. however, if you want to use hashing for its security benefits, you are
much better off using one of the Sha family specifications—ideally Sha-256 or Sha-512.
even these hashing families have some theoretical vulnerabilities; however, no one has yet
demonstrated a practical case of creating intentional collisions for the Sha family of hashes.
MongoDB uses MD5 to ensure file integrity, which is fine for most purposes. however, if you
want to hash important data (such as user passwords), you should probably consider using
the Sha family of hashes instead.
Warning
Looking Under MongoDB's Hood
At this point, you have some data in a MongoDB database. Now let's take a closer look
at that data under the covers. To do this, you'll again use some command-line tools to
connect to the database and query it. For example, try running the
find()
command
against the file created earlier:
$ mongo test
MongoDB shell version: 2.6.5
connecting to: test
> db.fs.files.find()
{ "_id" : ObjectId("51cb61b26487b3d8ce7af440"), "filename" : "/tmp/
dictionary", "chunkSize" : 262144, "uploadDate" : ISODate("2013-06-
26T21:48:34.621Z"), "md5" : "40c0825855792bd20e8a2d515fe9c3e3", "length" :
4953699 }
>
