Hi,

> My name is Rafaela and I am just starting to work with Lucene for a project
> that involves quite a few security aspects.
> 
> I am working on an app that aims to manage data by using Lucene on a
> mobile device. However, my application will require data to be confidential
> (users will need to be logged in and have certain permissions regarding the
> data).
> I am currently trying to find a way to make this possible and still keep using
> Lucene without having a very high performance drop-down.
> 
> I was searching around and I found the patch from
> https://issues.apache.org/jira/browse/LUCENE-2228. Since it seems to be
> quite a bit old and the issue is not marked as resolved, I wanted to ask about
> the status of this. Is this something that could work for securing the
> information? Or is there another better solution already implemented?

You can still use the Directory implementation posted in this issue with minor
modifications. Lucene always had and still has the abstract Directory interface
and yes, you can use it to implement block-based encryption below Lucene's
storage layer.

In any case, you still have to cope with the performance degradation introduced by
this additional layer. Another idea is to make the encryption completely
invisible to Lucene by using a Linux loop device that encrypts everything
written / read from it.

Uwe
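
An added illustration of the block-based layer the reply describes; it is not code from LUCENE-2228, from Lucene, or from either poster. It assumes AES-GCM with 4096-byte blocks and a hypothetical class `BlockEncryptionSketch`, and shows how a read at an arbitrary file offset decrypts and authenticates only the block that contains it, which is the operation an encrypting Directory would perform on each seek.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Added illustration: names and sizes below are assumptions, not Lucene API.
public class BlockEncryptionSketch {
    static final int BLOCK = 4096, NONCE = 12, TAG = 16;  // assumed sizes in bytes
    static final int STORED = NONCE + BLOCK + TAG;         // stored size of one full block
    static final SecureRandom RNG = new SecureRandom();

    // Encrypt one plaintext block. The block index is bound as AAD so that
    // stored blocks cannot be swapped or reordered without detection.
    static byte[] seal(SecretKey key, long index, byte[] plain) throws Exception {
        byte[] nonce = new byte[NONCE];
        RNG.nextBytes(nonce);                              // fresh nonce on every write
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG * 8, nonce));
        c.updateAAD(ByteBuffer.allocate(8).putLong(index).array());
        byte[] ct = c.doFinal(plain);                      // ciphertext followed by the tag
        return ByteBuffer.allocate(NONCE + ct.length).put(nonce).put(ct).array();
    }

    // Decrypt and authenticate one stored block; throws AEADBadTagException if it was altered.
    static byte[] open(SecretKey key, long index, byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG * 8, stored, 0, NONCE));
        c.updateAAD(ByteBuffer.allocate(8).putLong(index).array());
        return c.doFinal(stored, NONCE, stored.length - NONCE);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();  // assumption: a real app derives/unlocks this at login
        byte[] data = new byte[3 * BLOCK]; // constructed sample standing in for an index file
        byte[] term = "confidential-term".getBytes(StandardCharsets.UTF_8);
        System.arraycopy(term, 0, data, 2 * BLOCK + 100, term.length);
        ByteBuffer file = ByteBuffer.allocate(3 * STORED); // stands in for the file on disk
        for (int i = 0; i < 3; i++)
            file.put(seal(key, i, Arrays.copyOfRange(data, i * BLOCK, (i + 1) * BLOCK)));
        // Random access: serve logical offset 2*BLOCK+100 by opening block 2 only.
        long pos = 2L * BLOCK + 100;
        int idx = (int) (pos / BLOCK);
        byte[] stored = Arrays.copyOfRange(file.array(), idx * STORED, (idx + 1) * STORED);
        byte[] plain = open(key, idx, stored);
        System.out.println(new String(plain, (int) (pos % BLOCK), term.length, StandardCharsets.UTF_8));
    }
}
```

The 28 bytes of nonce and tag stored per block, plus one cipher operation per block touched, are where the extra layer's cost comes from.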
