[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: db encryption/checksum (was: commit: ldap/doc/man/man5 slapd-bdb.5)

To: Howard Chu <hyc@symas.com>
Subject: Re: db encryption/checksum (was: commit: ldap/doc/man/man5 slapd-bdb.5)
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 17 Dec 2007 10:39:08 +0100
Cc: OpenLDAP Commit <openldap-commit2devel@openldap.org>
In-reply-to: <hbf.20071217f2f0@bombur.uio.no>
References: <200712151820.lBFIKZQp065112@cantor.openldap.org> <47662069.6010205@symas.com> <hbf.20071217f2f0@bombur.uio.no>

I wrote:
> - Protecting data on the machine itself, if it gets stolen or carelessly
>   sold.  I don't know much about how that works though, in particular
>   if one wants slapd to come up at reboot.  Store the key physically
>   in a different place, on a remote filesystem?

Sorry, I should have read the thread you referred to first.  But still,
I don't understand why it needs to be such a problem.  It would need
proper care, yes.  The remote filesystem would have access controls for
the machine's IP address and network, I presume.  Or if not a
filesystem, the server could fetch the keys with ldaps: or https: from a
server with similar access controls:-)

-- 
Regards,
Hallvard

References:
- Re: commit: ldap/doc/man/man5 slapd-bdb.5
  - From: Howard Chu <hyc@symas.com>
- db encryption/checksum (was: commit: ldap/doc/man/man5 slapd-bdb.5)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: db encryption/checksum (was: commit: ldap/doc/man/man5 slapd-bdb.5)
Next by Date: Re: commit: ldap/libraries/libldap url.c
Index(es):
- Chronological
- Thread