
Re: Encrypting attributes of my choice


I wrote Howard's message and re-thought the security of my data stored in the LDAP tree...

If you're concerned that someone
can hack into your system and steal records out of your database files, then
automated encryption in the directory is still no defense. Any key that is
easily accessible to slapd will also be easily accessible to anyone with
direct access to your database files.

I'm using SSL/TLS to encrypt all communication with my LDAP server. But therefore I have to store the key, the certificate and the CA certificate in a well reachable directory. Isn't this quite insecure? I don't understand the SSL stuff completely, so please correct me if I'm wrong.

Can I do anything to improve the level of security for my data?
(At the moment the mentioned files have these access rights: -rw-r--r-- and my slapd.conf, which has to contain information about the location of these files, has: -rw-------; slapd can only be started as root.)

With best regards
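
An added example, not part of the original message: a small audit that reads the TLS file directives from slapd.conf text and reports each file's mode, flagging a private key that is accessible to anyone but its owner. The file names, the temporary directory and the owner-only policy for the key are assumptions of this example; the certificate and CA certificate are public data, so only write access is checked for them.

```python
import os
import stat
import tempfile

# slapd.conf directives that name TLS files; True marks the secret one.
TLS_DIRECTIVES = {
    "TLSCertificateKeyFile": True,   # private key
    "TLSCertificateFile": False,     # server certificate (public)
    "TLSCACertificateFile": False,   # CA certificate (public)
}

def tls_paths(conf_text):
    """Return {directive: path} for the TLS file directives in slapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        if not line or line[0] in "# \t":      # skip comments and continuation lines
            continue
        parts = line.split(None, 1)
        for name in TLS_DIRECTIVES:
            if len(parts) == 2 and parts[0].lower() == name.lower():
                found[name] = parts[1].strip().strip('"')
    return found

def audit(conf_text):
    """Return (directive, path, mode string, problem or None) for each TLS file."""
    findings = []
    for name, path in tls_paths(conf_text).items():
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        problem = None
        if TLS_DIRECTIVES[name] and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problem = "private key accessible beyond its owner"
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            problem = "writable by group/other"
        findings.append((name, path, stat.filemode(st.st_mode), problem))
    return findings

def demo(key_mode=0o644):
    """Constructed sample: three empty files with the modes quoted in the message."""
    d = tempfile.mkdtemp()
    conf = "# constructed slapd.conf fragment\n"
    for name, fname in (("TLSCertificateKeyFile", "server.key"),
                        ("TLSCertificateFile", "server.crt"),
                        ("TLSCACertificateFile", "ca.crt")):
        path = os.path.join(d, fname)
        open(path, "w").close()
        os.chmod(path, key_mode if fname == "server.key" else 0o644)
        conf += f"{name} {path}\n"
    return audit(conf)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```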