Hi,

The issue I have found with all the solutions I could find is that once the drive is mounted on the host, any administrator can log on to the machine, access the disk and copy anything they want. It does protect against hardware theft, but not against a rogue admin. And to be frank, with SAN solutions, it is pretty hard to figure out which physical disks to steal if you want to access sensitive data. Whereas it is easy for an individual with the right privileges (and we would like to think that rights are only given to a handful of trusted people, but the reality is that rights are given broadly over time) to access a machine and get stuff out of it.

In terms of security, we try to get sensitive data into a situation where it can be stolen only if 2 or more people start collaborating (e.g. a sys admin + a production app server admin + a developer). Ideally, we would find a solution providing an encrypted virtual filesystem, but only accessible from a process that provided the right credentials. We could give access to the credentials to the app server (which would provide them to the virtual filesystem), but not to administrators. We see this kind of solution as much more secure, but I do not know if such a product exists, and furthermore whether it works on Windows and is accessible from a Java process.

Any pointers?

Thanks,
vince

-----Original Message-----
From: Erick Erickson [mailto:erickerick...@gmail.com]
Sent: Wednesday, 20 November 2013 12:37
To: java-user
Subject: Re: lucene enrypted index

Use an encrypting filesystem rather than encrypt the index IMO.

Here's the problem. Any encryption process that you could use for encoding short tokens that you can then search is easily broken (ask Adobe about that!). Wildcards won't work. Consider that you've indexed (encrypted) running and run. Searching run* won't match running, unless the encryption is completely trivial.

You _can_ (and I have) create a custom bit of code that will encrypt the _stored_ data but not the indexed data. That still makes it possible to pretty much reconstruct the document from the index. It's painful, but it can be done (Luke does this for instance).

Basically, any scheme I've seen that allows robust searching doesn't really buy you much in the way of security; you're better off encrypting at the filesystem level.

Best,
Erick

On Tue, Nov 19, 2013 at 6:35 AM, Vincent Sevel <v.se...@lombardodier.com> wrote:

> Hi,
>
> I am looking for an option to use lucene with an encrypted index on disk.
> I looked for some lucene encrypted directories and found few options:
>
> - https://issues.apache.org/jira/browse/LUCENE-2228
> - https://code.google.com/p/lucenetransform/
>
> But they are old, or with no activity.
>
> I am wondering if there are recommended solutions in that space?
> Thanks for helping,
> vince
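
Added example, not part of the original thread and not Lucene code: a Python sketch of the point made in Erick's reply about searchable per-token encryption. HMAC-SHA256 stands in for any deterministic token transform (an assumption); the key, the documents and all function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

DOCS = {  # constructed sample documents
    1: "run the report",
    2: "running the batch",
    3: "the run failed",
}

def seal_token(token, key=KEY):
    """Deterministic keyed transform: the same token always maps to the
    same output, which is what makes exact-match search possible."""
    mac = hmac.new(key, token.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def build_index(docs, key=KEY):
    """Inverted index over sealed tokens: sealed token -> set of doc ids."""
    index = {}
    for doc_id, text in docs.items():
        for tok in text.split():
            index.setdefault(seal_token(tok, key), set()).add(doc_id)
    return index

def term_query(index, term, key=KEY):
    """Exact term lookup still works on the sealed index."""
    return index.get(seal_token(term, key), set())

def prefix_query(index, prefix, key=KEY):
    """Attempt at 'prefix*': sealed 'run' is not a prefix of sealed
    'running', so this degenerates to an exact match on the prefix."""
    sealed = seal_token(prefix, key)
    return {d for k, ids in index.items() if k.startswith(sealed) for d in ids}

def frequency_shape(tokens):
    """Sorted occurrence counts: the signal frequency analysis relies on."""
    return sorted(Counter(tokens).values(), reverse=True)

if __name__ == "__main__":
    idx = build_index(DOCS)
    plain = [t for text in DOCS.values() for t in text.split()]
    print("term run   ->", sorted(term_query(idx, "run")))
    print("prefix run ->", sorted(prefix_query(idx, "run")))
    print("plain shape ", frequency_shape(plain))
    print("sealed shape", frequency_shape([seal_token(t) for t in plain]))
```

The sealed index keeps the exact term distribution of the plaintext, so anyone who can read the index files sees which tokens repeat and how often, while the wildcard query silently loses document 2.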