[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: security suggestion for openldap

To: Matthieu Turpault <mt.openldapdevel@comelis.fr>
Subject: Re: security suggestion for openldap
From: Andreas <andreas@conectiva.com.br>
Date: Tue, 27 May 2003 13:37:37 -0300
Cc: openldap-devel@OpenLDAP.org
Content-disposition: inline
In-reply-to: <MGEFIJGLOCLFFKBKAFEPOEHMDMAA.mt.openldapdevel@comelis.fr>
References: <MGEFIJGLOCLFFKBKAFEPOEHMDMAA.mt.openldapdevel@comelis.fr>
User-agent: Mutt/1.5.4i

On Tue, May 27, 2003 at 03:11:28PM +0200, Matthieu Turpault wrote:
> 	- the content of the database should be encrypted in full. It should not be
> possible to read the data with vi or an other text editor.

This is a backend issue, isn't it? I just saw that Berkeley DB 4.1.25 has encryption
support, but I haven't tried to use it yet.

> 	- non-authenticated user should not extract information. ?root? user should
> not be able to extract the data in the directory.

non-authenticated users can be prevented from extracting information via ACLs.
But not the local root user, unless you use something like lids for linux, I suppose.

References:
- security suggestion for openldap
  - From: "Matthieu Turpault" <mt.openldapdevel@comelis.fr>

Prev by Date: security suggestion for openldap
Next by Date: RE: security suggestion for openldap
Index(es):
- Chronological
- Thread