Auditing should use hash-chaining for tamper-resistance

XMLWordPrintableJSON

    • Server Security
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Currently mongodb's audit log is vulnerable to tampering by a malicious administrator. i.e, given a mongodb audit log there is no way to tell if any entries have been added, removed or modified.

      Roughly speaking, we could store a hash in each audit entry. Each hash would be computed from a combination that includes (but not limited to) the content of the current entry and the hash of the previous entry. The hashes form a chain that can be used to verify the integrity of the audit log. Note that there is a lot more detail required for a secure implementation

              Assignee:
              [DO NOT USE] Backlog - Security Team
              Reporter:
              Adam Midvidy (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: