[Date Prev][Date Next]
Re: Encrypting attributes of my choice
I wrote Howards message and re-thought the security of my data stored in
the ldap tree....
If you're concerned that someone
can hack into your system and steal records out of your database files, then
automated encryption in the directory is still no defense. Any key that is
easily accessible to slapd will also be easily accessible to anyone with
direct access to your database files.
I'm using SSL/TLS to encrypt all communication with my ldap server. But
therefor I have to store the key, the certificate and the ca-certificate
in a well reachable directory. Isn't this quite insecure? I don't
understand the ssl-stuff completly, so please correct me if I'm wrong.
Can I do anything to improve the level of security for my data?
(At the moment the mentioned file have these access rights: -rw-r--r--
and my slapd.conf which have to contain information about the location
of these files has: -rw-------, slapd can only be started as root.)
With best regards