the most important think to know about mongodb is that you should probably use PostgreSQL unless you know you'll need certain mongodb-specific features that PostgreSQL can offer. in which case you should use CouchDB instead.

@xj9 CouchDB is awfully sketchy with their continued use of MD5.

@nat their use of md5 doesn’t appear to result in any security risk. they aren’t using it for auth, just to checksum attachments.

@maxlath @xj9 I commented in that thread and my concerns were (incorrectly) dismissed.

The reason to use a cryptographic hash function like MD5 over a non-cryptographic hash is so that you can write code that ignores the possibility of collisions. Once the cryptographic hash function is broken - as with MD5 and SHA1 - that's no longer true. That broken assumption almost certainly creates bugs, and they're probably security bugs that allow users to at least corrupt your data.

Sign in to participate in the conversation
Mastodon is one server in the network