DEV Community

Discussion on: Is it okay to expose MongoDB ObjectIds?

Thomas Step

Thanks for the reply. Mongo must have changed their documentation around a little. I found what you are referring to here, but if you look at the glossary it says that the machine ID and process ID are used to generate the ObjectId. There is also a Security StackExchange post I found about the ObjectId having this potentially harmful information in it. Do you think this is enough for someone to exploit? It doesn't seem trivial to me, but I guess that's not the point!

Rob Kenis

The security post is indeed a little concerning, good catch! If you look at the documentation from version 3.0, for example, and version 4.0, it seems like the implementation of ObjectId has changed to use a random value instead of the machine-process combination.

Thomas Step

That's the missing piece. Nice find. I wonder if the motivation was to get rid of that potential threat. Thanks for the thoughts!
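To make the difference the thread is pointing at concrete, here is an added example (not from the discussion above and not MongoDB's or any driver's own code) that splits a 24-character ObjectId into its fields under both documented layouts: the pre-3.4 layout (timestamp, 3-byte machine id, 2-byte process id, 3-byte counter) and the 3.4+ layout (timestamp, 5-byte per-process random value, 3-byte counter). The sample ObjectId value is constructed for the example, and the `ObjectIdFactory` class mimics the documented current algorithm (random value chosen once per process, counter seeded randomly) rather than calling a driver.

```python
"""Decode a 12-byte MongoDB ObjectId under both layouts discussed above.

Legacy layout (pre-3.4 drivers):
    4-byte timestamp | 3-byte machine id | 2-byte process id | 3-byte counter
Current layout (3.4+ drivers, documented in the 4.0 manual):
    4-byte timestamp | 5-byte per-process random value | 3-byte counter
Added example; not code from the thread or from MongoDB.
"""
from datetime import datetime, timezone
from typing import Optional
import secrets
import struct
import time

COUNTER_MASK = 0xFFFFFF  # the counter is 3 bytes and wraps around


def _raw(hex_id: str) -> bytes:
    if len(hex_id) != 24:
        raise ValueError("an ObjectId is exactly 24 hex characters")
    return bytes.fromhex(hex_id)  # raises ValueError on non-hex input


def decode_legacy(hex_id: str) -> dict:
    """Split an ObjectId as a pre-3.4 driver built it (machine id and pid exposed)."""
    raw = _raw(hex_id)
    (ts,) = struct.unpack(">I", raw[:4])
    return {
        "timestamp": ts,
        "created": datetime.fromtimestamp(ts, tz=timezone.utc),
        "machine_id": int.from_bytes(raw[4:7], "big"),
        "pid": int.from_bytes(raw[7:9], "big"),
        "counter": int.from_bytes(raw[9:12], "big"),
    }


def decode_current(hex_id: str) -> dict:
    """Split an ObjectId as a 3.4+ driver builds it (random value instead of host/pid)."""
    raw = _raw(hex_id)
    (ts,) = struct.unpack(">I", raw[:4])
    return {
        "timestamp": ts,
        "created": datetime.fromtimestamp(ts, tz=timezone.utc),
        "random": int.from_bytes(raw[4:9], "big"),
        "counter": int.from_bytes(raw[9:12], "big"),
    }


def same_process(a: str, b: str) -> bool:
    """Under the current layout, two ids minted by one process share the 5 random bytes.

    The timestamp still reveals creation time and the counter still increments, so
    ids stay correlatable and partly guessable; only the host and pid are hidden."""
    return decode_current(a)["random"] == decode_current(b)["random"]


def next_sibling(hex_id: str) -> str:
    """Predict the id the same process would issue next within the same second."""
    raw = _raw(hex_id)
    counter = (int.from_bytes(raw[9:12], "big") + 1) & COUNTER_MASK
    return (raw[:9] + counter.to_bytes(3, "big")).hex()


class ObjectIdFactory:
    """Mints ids the way the current spec describes: one random 5-byte value per
    process and a 3-byte counter seeded randomly. Mimics the documented algorithm;
    this is not a driver's own implementation."""

    def __init__(self) -> None:
        self._random = secrets.token_bytes(5)
        self._counter = secrets.randbelow(COUNTER_MASK + 1)

    def new(self, now: Optional[float] = None) -> str:
        ts = int(time.time() if now is None else now)
        counter = self._counter
        self._counter = (self._counter + 1) & COUNTER_MASK
        return (struct.pack(">I", ts) + self._random + counter.to_bytes(3, "big")).hex()


if __name__ == "__main__":
    # Sample ObjectId value, constructed for this example.
    sample = "507f1f77bcf86cd799439011"
    print("legacy view :", decode_legacy(sample))
    print("current view:", decode_current(sample))

    factory = ObjectIdFactory()
    first, second = factory.new(now=1_700_000_000), factory.new(now=1_700_000_000)
    print("same process:", same_process(first, second))
    print("predicted   :", next_sibling(first) == second)
```

Decoding the same bytes both ways shows what each layout gives an observer: the legacy view hands over a machine identifier and a process id, the current view replaces them with an opaque random value. Note that the timestamp and the incrementing counter are present in both, so even current-format ids still reveal when a document was created and let a holder of one id guess its neighbours from the same process.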