[
https://issues.apache.org/jira/browse/JAMES-3524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier closed JAMES-3524.
---------------------------------
Fix Version/s: 3.6.0
Resolution: Fixed
https://github.com/apache/james-project/pull/342 solved this
> Re-enable AES encryption for the BlobStore
> ------------------------------------------
>
> Key: JAMES-3524
> URL: https://issues.apache.org/jira/browse/JAMES-3524
> Project: James Server
> Issue Type: Task
> Components: Blob
> Affects Versions: 3.6.0
> Reporter: Benoit Tellier
> Priority: Major
> Labels: security
> Fix For: 3.6.0
>
> Time Spent: 4.5h
> Remaining Estimate: 0h
>
> Users might not wish to administrate themselves a S3 compatible blobStore and
> might rely on a third arty to do so. As such, in order to avoid a third party
> compromission to escalate to a data leak, a good practice is to encrypt the
> data symmetrically, the secret key generation secrets being stored on the
> appkication server.
> Such a mechanism prevents data leak for a third party compromission, but do
> not deend against an application server compromission (as the attacker would
> then know the private key).
> As part of his work on a Swift compatible blob store [1] , Jean Helou
> contributed an AES encryption mechanism for that very blob store [2].
> However, changes in the blobStore design, dropping of the (non-reactive)
> JCloud driver, rewrite on top of S3 API, as well as modularization of the
> blobStore (extraction of the BlobStoreDAO, PassThough VS Deduplicating
> blobStore) [3] lead to this work being dropped, for the sake of simplicity in
> an effort to finish a long lasting refactoring.
> Note that:
> - Needs to encrypt blob payload had been requested on top of the Cassandra
> blob store [4] in order to prevents (full) data leaks from a Cassandra DB
> compromission.
> - Some optimizations (prior [3]) of the object storage when using S3 were
> incompatible with payload encryption [5]
> By adoption design proposed in [3], reusing the job made by Jean in [2] we
> can write a generic AESBlobStoreDAO that wraps any other BlobStoreDAO, adding
> a security layer. Using the BlobStoreChooser, we then can re-enable this
> capability on top of the Distributed James server.
> [1] https://issues.apache.org/jira/browse/JAMES-2525
> [2] https://github.com/linagora/james-project/pull/1865 &
> https://github.com/linagora/james-project/pull/1975 &
> https://issues.apache.org/jira/browse/JAMES-2589
> [3] https://issues.apache.org/jira/browse/JAMES-3028
> [4] https://issues.apache.org/jira/browse/JAMES-3023
> [5] https://issues.apache.org/jira/browse/JAMES-2692
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
