[Date Prev][Date Next]
Re: security suggestion for openldap
On Tue, May 27, 2003 at 03:11:28PM +0200, Matthieu Turpault wrote:
> - the content of the database should be encrypted in full. It should not be
> possible to read the data with vi or an other text editor.
This is a backend issue, isn't it? I just saw that Berkeley DB 4.1.25 has encryption
support, but I haven't tried to use it yet.
> - non-authenticated user should not extract information. ?root? user should
> not be able to extract the data in the directory.
non-authenticated users can be prevented from extracting information via ACLs.
But not the local root user, unless you use something like lids for linux, I suppose.