[
https://issues.apache.org/jira/browse/JAMES-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier updated JAMES-3023:
----------------------------------
Description:
Following JAMES-2921 Hybrid BlobStore we end up storing 'blobs' into Cassandra.
Given a multi-tenant environment, if I run two James servers on top of the same
Cassandra database, I don't want one server to be able to read the content of
the other one.
Such isolation is currently achievable by having separate keyspaces, and
separate users with different right settings. However given a cassandra acls
misconfiguration, such content could still be leaked from one tenant to the
other one in case of James compromision.
Encrypting blobs into cassandra, with an encryption key specific per James
server can be a good second line of defense to mitigate this risk. Only
metatdata would be readable, raw content (headers & body) staying encrypted.
As such, I should be able to configure AES encryption of top of Cassandra
storage (just like on top of ObjectStorage).
was:
Following JAMES-2921 Hybrid BlobStore we end up storing 'blobs' into Cassandra.
Given a multi-tenant environment, if I run two James servers on top of the same
Cassandra database, I don't want one server to be able to read the content of
the other one.
Such isolation is currently achievable by having separate keyspaces, and
separate users with different right settings. However given a cassandra acls
misconfiguration, such content could still be leaked from one tenant to the
other one in case of James compromision.
Encrypting blobs into cassandra, with an encryption key specific per James
server can be a good second line of defense to mitigate this risk. Only
metatdata would be readable, raw content (headers & body) staying encrypted.
As such, I should be able to configure AES encryption of top of Cassandra
storage.
> Encryption for Cassandra blobStore
> ----------------------------------
>
> Key: JAMES-3023
> URL: https://issues.apache.org/jira/browse/JAMES-3023
> Project: James Server
> Issue Type: Sub-task
> Components: Blob, cassandra
> Reporter: Benoit Tellier
> Priority: Major
>
> Following JAMES-2921 Hybrid BlobStore we end up storing 'blobs' into
> Cassandra.
> Given a multi-tenant environment, if I run two James servers on top of the
> same Cassandra database, I don't want one server to be able to read the
> content of the other one.
> Such isolation is currently achievable by having separate keyspaces, and
> separate users with different right settings. However given a cassandra acls
> misconfiguration, such content could still be leaked from one tenant to the
> other one in case of James compromision.
> Encrypting blobs into cassandra, with an encryption key specific per James
> server can be a good second line of defense to mitigate this risk. Only
> metatdata would be readable, raw content (headers & body) staying encrypted.
> As such, I should be able to configure AES encryption of top of Cassandra
> storage (just like on top of ObjectStorage).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
