Subject: Re: it is possible to encrypt the document in the repository?
From: Paco Avila
To: users@jackrabbit.apache.org
Date: Wed, 11 Jun 2008 15:39:19 +0200

On Wed, 11-06-2008 at 16:15 +0300, Jukka Zitting wrote:
> Hi,
>
> On Wed, Jun 11, 2008 at 1:46 PM, Paco Avila wrote:
> > I want to encrypt the documents stored in the jackrabbit repository but
> > I have a big problem: if I store an encrypted stream, the text
> > extractors will fail to extract info from this encrypted stream. So, how
> > can I store these encrypted documents and get indexed?
>
> Store unencrypted copies of the documents in the repository.

Yeah, but the problem is the same :)

> What's the reason for storing the documents encrypted? If it's
> security-related, note that even if users wouldn't have direct access
> to the underlying index files, they'd still be able to deduce much of
> the document contents by carefully crafted queries against the
> repository. For example
> /jcr:root/path/to/document[jcr:contains(.,'foo')] tells if a document
> contains "foo".

OK, but he can't deduce the whole document using this approach. The
problem is when a user accesses the server and can view the filesystem,
and the documents are stored on it. If I encrypt these documents in the
repository, no one can read the files out of jackrabbit.

> If you still want to do this, one alternative would of course be to
> write a custom text extractor that knows how to decrypt the documents
> before passing them to the normal text extractors.

Thanks, I was thinking of implementing something like this.

-- 
Paco Avila
GIT Consultors
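
A sketch of the decrypting text extractor suggested in the quoted reply, added here as an example; it is not code from this thread or from the Jackrabbit project. The TextExtractor interface is a local stand-in with an assumed shape, and the class names, the stored layout (12-byte IV followed by AES-GCM ciphertext) and the in-memory key are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class DecryptingExtractorDemo {
    /** Local stand-in for the repository's extractor contract (assumed shape). */
    interface TextExtractor {
        Reader extractText(InputStream in, String type, String encoding) throws IOException;
    }
    /** Hypothetical wrapper: expects a 12-byte IV followed by AES-GCM ciphertext. */
    static class DecryptingExtractor implements TextExtractor {
        private final SecretKeySpec key;
        private final TextExtractor delegate;
        DecryptingExtractor(byte[] rawKey, TextExtractor delegate) {
            this.key = new SecretKeySpec(rawKey, "AES");
            this.delegate = delegate;
        }
        public Reader extractText(InputStream in, String type, String encoding) throws IOException {
            byte[] iv = new byte[12];
            new DataInputStream(in).readFully(iv);      // IV is stored in front of the ciphertext
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
                // doFinal verifies the GCM tag before any plaintext reaches the delegate
                byte[] plain = c.doFinal(in.readAllBytes());
                return delegate.extractText(new ByteArrayInputStream(plain), type, encoding);
            } catch (GeneralSecurityException e) {
                // wrong key or modified file: refuse to index rather than index garbage
                throw new IOException("stored document failed decryption, not indexing", e);
            }
        }
    }
    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[16], iv = new byte[12];   // constructed demo key; a real key comes from a key store
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample document".getBytes(StandardCharsets.UTF_8));
        ByteArrayOutputStream stored = new ByteArrayOutputStream();
        stored.write(iv);
        stored.write(ct);                               // the bytes that would sit on disk
        TextExtractor plainText = (in, type, cs) -> new InputStreamReader(in, cs);
        Reader r = new DecryptingExtractor(key, plainText)
                .extractText(new ByteArrayInputStream(stored.toByteArray()), "text/plain", "UTF-8");
        System.out.println(new BufferedReader(r).readLine());
    }
}
```

This needs Java 9 or later for readAllBytes. The text handed to the delegate ends up as terms in the index files mentioned in the quoted reply, so those files hold searchable plaintext on the same filesystem as the encrypted documents.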