Re: Encrypting attributes of my choice
Hi,
I wrote Howard's message and re-thought the security of my data stored in
the ldap tree....
> If you're concerned that someone
> can hack into your system and steal records out of your database files, then
> automated encryption in the directory is still no defense. Any key that is
> easily accessible to slapd will also be easily accessible to anyone with
> direct access to your database files.
I'm using SSL/TLS to encrypt all communication with my ldap server. But
therefore I have to store the key, the certificate and the ca-certificate
in a well reachable directory. Isn't this quite insecure? I don't
understand the ssl-stuff completely, so please correct me if I'm wrong.
Can I do anything to improve the level of security for my data?
(At the moment the mentioned files have these access rights: -rw-r--r--
and my slapd.conf, which has to contain information about the location
of these files, has: -rw-------, slapd can only be started as root.)
With best regards
Susanne
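
An added example, not part of the original message: a Python check of the file modes described above, which treats only the private key as secret (certificates and the CA certificate are public, so -rw-r--r-- is acceptable for them, while the key should be accessible only to the account the server runs as). It assumes PEM-encoded files; the function names and the constructed sample files are hypothetical.

```python
import os
import stat
import sys
import tempfile

def holds_private_key(path):
    """True if the file contains a PEM private-key block of any type."""
    with open(path, "rb") as fh:
        return b"PRIVATE KEY-----" in fh.read()

def audit(path):
    """Return findings for one TLS file; an empty list means the mode is fine."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if holds_private_key(path):
        # The key must be usable only by the account the server runs as.
        if mode & 0o077:
            findings.append(f"private key accessible to group/other (mode {mode:04o})")
    elif mode & 0o022:
        # Certificates are public, so read access is harmless, but write
        # access would let another account swap the cert or trust anchor.
        findings.append(f"certificate writable by group/other (mode {mode:04o})")
    return findings

def demo():
    """Constructed files with the -rw-r--r-- mode mentioned in the post."""
    d = tempfile.mkdtemp()
    results = {}
    for name, label in (("server.key", "PRIVATE KEY"), ("server.crt", "CERTIFICATE")):
        p = os.path.join(d, name)
        with open(p, "w") as fh:
            fh.write(f"-----BEGIN {label}-----\nconstructed\n-----END {label}-----\n")
        os.chmod(p, 0o644)
        results[name] = audit(p)
    return results

if __name__ == "__main__":
    paths = sys.argv[1:]
    report = {p: audit(p) for p in paths} if paths else demo()
    for path, findings in report.items():
        print(path, "OK" if not findings else "; ".join(findings))
    sys.exit(1 if any(report.values()) else 0)
```

Run it with the key, certificate and CA certificate paths as arguments; with no arguments it audits the constructed sample files.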