Perhaps the easiest thing to do is to encrypt the index folder using an algorithm such as Blowfish and decrypt it on application launch and load into a RAM Directory. I had implemented something similar in the past and it worked out ok.
On Thu, Feb 25, 2010 at 7:18 PM, Nicholas Paldino [.NET/C# MVP] <[email protected]> wrote: > Hans, > > While I've seen other responses here, you haven't indicates exactly > ^what^ constitutes "unauthorized access". Does that mean someone who can > authenticate against the domain to be a certain user, or some other > criteria? > > You need to define the threats, the surface area for attacks, etc, > etc. > > It would seem like you want to use an additional shared-secret in > order to access the data, which would mean that you have to query for this > shared secret in your application, no matter what encryption technology is > used. If you are using passwords, then you need to enforce password > strength; things such as minimum lengths, use of non-alpha-numeric > characters, checks against frequency of characters in the password and > dictionary checks should be standard. > > Or, you could use a smart card with a client certificate as the > shared secret, or any combination of things (biometrics, etc, etc). > > The point is, until you define what you have, and what the > requirements are ("protect the index from unauthorized index" is just way to > vague), you're just stabbing in the dark. > > - Nick > > -----Original Message----- > From: Hans Merkl [mailto:[email protected]] > Sent: Thursday, February 25, 2010 4:17 PM > To: [email protected] > Subject: How to secure/encrypt a Lucene index? > > > Hi, I am working on a desktop app that will use Lucerne as search engine. > The app will be installed on the user's machine and the index will be stored > on the local hard disk. > > The data is potentially confidential so I would like to protect the index > from unauthorized access. The data needs to be secure even when the user's > machine gets stolen. > > 2 approaches I have come up with so far: > > - Use Windows NTFS encryption. Should be secure unless the unauthorized > person knows how log in as the user that created the index. > - Use TrueCrypt. This should be very safe but it requires the installation > of TrueCrypt and administrative rights to install the encrypted drive. > > The application will be distributed to many users so I would like to keep > the installation as simple as possible. > > Does anybody have experience with this scenario? Right now I think the > easiest approach would be NTFS encryption. What do you think? > > Thanks! > > >
