
Re: security suggestion for openldap



On Tue, May 27, 2003 at 03:11:28PM +0200, Matthieu Turpault wrote:
> 	- the content of the database should be encrypted in full. It should not be
> possible to read the data with vi or another text editor.

This is a backend issue, isn't it? I just saw that Berkeley DB 4.1.25 has encryption
support, but I haven't tried to use it yet.

> 	- non-authenticated users should not extract information. "root" user should
> not be able to extract the data in the directory.

Non-authenticated users can be prevented from extracting information via ACLs.
But not the local root user, unless you use something like LIDS for Linux, I suppose.
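
The ACL approach mentioned in the reply above, as an added example that is not part of the original message or of the OpenLDAP distribution: a slapd.conf fragment that leaves anonymous clients with nothing except the ability to bind. It assumes a slapd.conf-style configuration and the attrs= spelling from slapd.access(5).

```conf
# Constructed slapd.conf fragment.
#
# Weak setting: a configuration with no "access" directives at all.
# slapd then applies its built-in default
#     access to * by * read
# and an anonymous client can read every entry.
#
# Corrected setting: the two rules below. Rules are evaluated in order
# and the first matching "to" clause decides.

# Passwords: the owner may change their own, anonymous clients may only
# use the value to authenticate (bind), nobody may read it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: readable only after a successful bind; an anonymous
# client falls through to "by * none".
access to *
    by self write
    by users read
    by * none

# These rules are enforced by slapd on LDAP operations only. They do not
# stop a local account with file-system access (such as root) from
# reading the backend database files directly, and the rootdn configured
# for a database is not subject to access rules.
```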