Justin Elkow

Reputation: 2943

Sending out Database Document Ids (Security)

I have a web app that stores objects in a database and then sends emails based on changes to those objects. For debugging and tracking, I am thinking of including the Document Id in the email metadata. Is there a security risk here? I could encrypt it (AES-256).

In general, I realize that security through obscurity isn't good practice, but I am wondering if I should still be careful with Document Ids.

For clarity, I am using CouchDB, but I think this can apply to databases in general.

Upvotes: 2

Views: 46

Answers (2)

Cristian Vat

Reputation: 1612

Compare Convenience and Security:

Convenience:

  • How useful is it for you to have the document ID in the mail?
  • Can you quickly get useful information / the document having the ID?
  • Does encrypting/hashing it mean it's harder to get the actual database document? (The answer here is yes, unless you have a nice lookup form or something which takes the hash directly; avoid manual steps.)

Security:

  • Having a document ID, what could I possibly do that's bad?
  • Let's say you have a web application to look at documents. You have the same ID in a URL; it can't be considered 'secret'.
  • If I have the ID, can I access the 'document' or some other information I shouldn't be able to access? Hint: you should always properly check rights; if that's done, then you have no problem.
  • As long as an ID isn't considered 'secret', meaning there aren't any security checks purely on ID, you should have no problems.
  • Do you care if someone finds out the time a document was created? (from Jan Lehnardt's answer)

Upvotes: 1

Jan Lehnardt

Reputation: 2659

By default, CouchDB uses UUIDs with a UTC time prefix. The worst you can leak there is the time the document was created, and you will be able to correlate about 1k worth of IDs likely having been produced on the same machine.

You can change this in the CouchDB configuration to use purely 128-bit random UUIDs by setting the algorithm setting within the uuids section to random. For more information see the CouchDB Docs. Nothing should be possible to be gained from them.

Edit: If you choose your own document IDs, of course, you leak whatever you put in there :)

Upvotes: 2
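Added example (not part of either answer and not CouchDB's own code): a check you can run over the IDs you plan to put in email metadata, to see which ones expose a creation time. It assumes the time-prefixed IDs use CouchDB's documented `utc_random` layout (14 hex characters of microseconds since the Unix epoch, then 18 random hex characters). The function names and sample IDs are constructed for illustration.

```python
import re
import secrets
from datetime import datetime, timedelta, timezone

# Assumption: IDs follow CouchDB's documented `utc_random` layout, i.e.
# 14 hex chars of microseconds since the Unix epoch + 18 random hex chars.
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
EARLIEST = datetime(2000, 1, 1, tzinfo=timezone.utc)  # assumed sanity bound
ONE_US = timedelta(microseconds=1)
HEX_ID = re.compile(r"[0-9a-f]{32}")


def make_sample_id(created):
    """Constructed sample ID in the utc_random layout (not from a real DB)."""
    micros = (created - EPOCH) // ONE_US
    return f"{micros:014x}{secrets.token_hex(9)}"


def leaked_creation_time(doc_id, now=None):
    """Return the UTC time embedded in doc_id, or None if none is evident.

    Heuristic: a purely random 128-bit ID can decode to a plausible time by
    chance (roughly 1 in 100), so treat a hit as "likely", not as proof.
    """
    if not HEX_ID.fullmatch(doc_id):
        return None
    micros = int(doc_id[:14], 16)
    now = now or datetime.now(timezone.utc)
    lo = (EARLIEST - EPOCH) // ONE_US
    hi = (now + timedelta(days=1) - EPOCH) // ONE_US
    if not lo <= micros <= hi:
        return None
    return EPOCH + micros * ONE_US


def audit_ids(doc_ids):
    """Map each ID to the creation time it would expose in email metadata."""
    return {doc_id: leaked_creation_time(doc_id) for doc_id in doc_ids}


if __name__ == "__main__":
    stamped = make_sample_id(datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc))
    random_id = secrets.token_hex(16)  # shape of an ID under algorithm = random
    for doc_id, leaked in audit_ids([stamped, random_id, "invoice-42"]).items():
        print(doc_id, "->", leaked or "no timestamp evident")
```

A self-chosen ID such as the constructed `invoice-42` returns None here, but it still exposes whatever you put in it.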
