  1. Core Server
  2. SERVER-16212

Auditing should use hash-chaining for tamper-resistance

    • Server Security

      Currently MongoDB's audit log is vulnerable to tampering by a malicious administrator, i.e., given a MongoDB audit log there is no way to tell if any entries have been added, removed or modified.

      Roughly speaking, we could store a hash in each audit entry. Each hash would be computed from a combination that includes (but is not limited to) the content of the current entry and the hash of the previous entry. The hashes form a chain that can be used to verify the integrity of the audit log. Note that there is a lot more detail required for a secure implementation.

            Assignee: backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter: adam.midvidy Adam Midvidy
            Votes: 0
            Watchers: 9

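A sketch of the hash chain the ticket describes, as an added example that is not MongoDB's code or part of the original issue. It assumes SHA-256, canonical JSON serialization, an all-zero starting value, and a copy of the latest hash (`trusted_head`) kept somewhere the log's administrator cannot write; the record layout, function names and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed starting value for the first entry

def entry_hash(prev_hash, entry):
    # Canonical JSON so the same entry always serializes to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, entry):
    """Append entry to log (a list of dicts), linking it to the previous hash."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"entry": entry, "prev": prev, "hash": entry_hash(prev, entry)}
    log.append(record)
    return record["hash"]

def verify(log, trusted_head=None):
    """Return (ok, index of the first bad record or None).

    Without trusted_head, cutting off the tail or rebuilding the whole
    chain from scratch goes unnoticed: the chain is only self-consistent.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != entry_hash(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, len(log)
    return True, None

def build_sample():
    # Constructed audit entries, not taken from a real log.
    events = [
        {"atype": "authenticate", "user": "alice", "result": 0},
        {"atype": "createUser", "user": "alice", "target": "mallory"},
        {"atype": "dropCollection", "user": "mallory", "ns": "app.orders"},
        {"atype": "dropUser", "user": "mallory", "target": "mallory"},
    ]
    log, head = [], None
    for event in events:
        head = append(log, event)
    return log, head

if __name__ == "__main__":
    log, head = build_sample()
    print(verify(log, head))   # intact chain
    del log[2]                 # an entry removed from the middle
    print(verify(log, head))   # verification fails at the broken link
```

A bare chain like this only proves internal consistency; the externally held head hash is one of the details a secure implementation has to add.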