You might try searching JIRA, I believe there is an issue in there that attempts to provide an encrypted Directory implementation. You might also just use file system encryption.
On Aug 12, 2011, at 8:09 PM, Chris Zakian wrote: > Hey, thanks for your reply Shaneal, > > I do have a person to consult with about the crypto code, it is just a > matter of figuring out which streams > to grab. So encrypting all of the write operations in IndexOutput (and > DataOutput) and decrypting to plaintext in IndexInput on the way out should > let me search normally correct? In other words, when I do a query, will it > also pass through the same classes so that There is still search > functionality? > > On Fri, Aug 12, 2011 at 6:43 PM, Shaneal Manek <shan...@greplin.com> wrote: > >> For starters, you probably shouldn't be writing your own crypto code >> (unless you're a professional cryptographer, or your project has >> access to one to audit your code). See, for example, >> >> http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html >> . >> If you *have* to, you'll probably want to subclass the NIOFSDirectory >> (and, more precisely, the IndexInput and IndexOutput streams). >> >> A more reasonable approach might be to encrypt the underlying volume >> the Lucene Index will be on with something like LVM. The details will, >> of course, depend on the particulars of how/when you have access to >> your key. >> >> -Shaneal >> >> On Fri, Aug 12, 2011 at 12:15 PM, Chris Zakian <czak...@gmail.com> wrote: >>> Hello, >>> >>> I am currently adding Lucene (in combination with hibernate search) to a >>> medical record service. As such, I need to encrypt the indexes so that >>> unauthorized people don't have access to them by bypassing the system's >>> database security. I was wondering if anyone had a) implemented a >> security >>> measure that encrypts the indexes or b) if I were to write my own >>> encryption, what classes actually handle all the IO to and from the >> indexes. >>> In praticular, where would I get the Input/Output Streams in order to >>> encrypt them. >>> >>> Thanks, >>> Chris. >>> GSOC intern with OpenMRS >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org >> For additional commands, e-mail: java-user-h...@lucene.apache.org >> >> -------------------------------------------- Grant Ingersoll --------------------------------------------------------------------- To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org For additional commands, e-mail: java-user-h...@lucene.apache.org
