What I am looking for is a way to convince management that someone doing
maintenance on the database will not be able to read all their email.
They understand the intrinsic insecurity of email. They are just trying
to avoid passive intrusion as opposed to active intrusion. One example
is that my system admin, without trying to read anybody's email, was
trying to learn how the tables work, so he opened the tables in a MySQL
viewer and looked at what data was in each table. He wasn't _actively
trying_ to read email, but while doing it he did read email.
However, the 2 requirements are that they can read the message on the
client without having to jump through hoops and that they don't have to
tell everyone who sends them a message that they have to send it
encrypted. Without those 2 things they are going to stay with regular
POP email (not dbmail POP, which still keeps the mails in the database
until cleanup, if I understand correctly).
James Cloos's idea of doing the encryption at the MTA is a great idea that
I hadn't thought about. I'm going to investigate the possibility.
Sim
-------- Original Message --------
Subject: [Dbmail] mail encryption
From: Dave Logan <[EMAIL PROTECTED]>
To: DBMail mailinglist <[email protected]>
Date: Tuesday, January 29, 2008 07:08:02 PM
So, I'm just throwing this out there, are you looking for
true encryption, or just an obfuscation? For example could
you do a rot13 or something equivalent? Sure it's not real
security, and it's easily enough worked around, i.e.
instead of searching for 'salary' I'd search for the rot13
value of 'salary'. But maybe it's an extra step that would
make them (the management) feel more secure. And isn't that
what this is really about?
dave
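
The rot13 trade-off discussed in this thread, as an added example that is not part of either message and not DBMail code: bodies stored rot13-encoded are unreadable when the table is browsed in a viewer, yet a search for the rot13 of a keyword still finds them. The table layout, column names and sample messages are constructed for illustration and are not DBMail's schema.

```python
import codecs
import sqlite3

# Constructed sample messages (hypothetical senders and bodies).
SAMPLE = [
    ("alice", "Your salary review is scheduled for Friday."),
    ("bob", "Lunch at noon?"),
    ("carol", "Attached is the SALARY table for Q1."),
]


def rot13(text):
    """rot13 is its own inverse: applying it twice returns the input."""
    return codecs.encode(text, "rot_13")


def build_store():
    """In-memory stand-in for a mail table whose bodies are rot13-encoded."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)"
    )
    db.executemany(
        "INSERT INTO messages (sender, body) VALUES (?, ?)",
        [(sender, rot13(body)) for sender, body in SAMPLE],
    )
    return db


def casual_view(db):
    """What someone sees when opening the table in a database viewer."""
    return [row[0] for row in db.execute("SELECT body FROM messages ORDER BY id")]


def keyword_search(db, keyword):
    """Search for the rot13 of the keyword, then decode the matching rows."""
    pattern = "%" + rot13(keyword) + "%"
    rows = db.execute(
        "SELECT sender, body FROM messages WHERE body LIKE ? ORDER BY id",
        (pattern,),
    )
    return [(sender, rot13(body)) for sender, body in rows]


if __name__ == "__main__":
    store = build_store()
    print("Table as browsed:", casual_view(store))
    print("Search for 'salary':", keyword_search(store, "salary"))
```

The stored bodies contain no readable keyword, so passive browsing reveals nothing legible, but the one-line search recovers every matching message in plain text.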