Re: commit: ldap/doc/man/man5 slapd-bdb.5
- To: OpenLDAP Commit <openldap-commit2devel@openldap.org>
- Subject: Re: commit: ldap/doc/man/man5 slapd-bdb.5
- From: Howard Chu <hyc@symas.com>
- Date: Sun, 16 Dec 2007 23:08:25 -0800
- In-reply-to: <200712151820.lBFIKZQp065112@cantor.openldap.org>
- References: <200712151820.lBFIKZQp065112@cantor.openldap.org>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b2pre) Gecko/2007120621 SeaMonkey/2.0a1pre
hyc@OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/doc/man/man5
> Modified Files:
> slapd-bdb.5 1.38 -> 1.39
> Log Message:
> Support DB encryption
When this topic was first raised, I thought it was pretty useless:
http://www.openldap.org/lists/openldap-software/200202/msg00232.html
And in general, it's not even a necessary feature:
http://www.openldap.org/lists/openldap-devel/200211/msg00045.html
But it seems to be a checklist feature these days.
It may actually provide some value to sites that do regular backups of their
raw DB files. It may actually be useful in some cases where you provide an
encryption key on separate removable media (e.g. a USB flash drive). It might
actually prevent a news article down the road on how some organization lost
their 5 million record customer database and all that unprotected data is
now being exploited by criminals.
I doubt it, of course. It exacts a performance penalty on every DB operation,
so I don't think anyone will be able to use this long-term. For the off-site
backup scenario, it makes more sense to just encrypt the backup images (tar
format or whatever backup utility is used). That way you only spend cycles on
encryption once, at backup time. Any site that's savvy enough to do automated
backups can certainly figure out how to protect those backups with encryption.
But the question comes up from time to time, why we don't offer this feature
in the DB itself, and sometimes it's easier to just say "ok" than try to
educate people. (In fact we did a custom build of OpenLDAP for a bank a few
years ago, that requested this feature from us. They didn't even care about
the key management, the key was just a 96 character string hardcoded into the
back-bdb patch. The current patch in CVS is obviously a little better than that.)
So anyway, if you're wondering, no, I still think it's a dumb solution. It's
here as a marketing gimmick, for feature list checkboxes, not for any
technical merit.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/