lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From negrinv <victorneg...@gmail.com>
Subject Re: Attached proposed modifications to Lucene 2.0 to support Field.Store.Encrypted
Date Fri, 01 Dec 2006 23:09:41 GMT

I am delighted I am no longer a voice in the wilderness. I couldn't agree
more with you Joaquin!
Victor

Joaquin Delgado-2 wrote:
> 
> Security should be responsibility of the application. However let's make
> it clear that field level encryption is more a "means of" implementing
> security and herefore an infrastructure functionality that in my opinion
> Lucene should optionally provide. In the same way relational databases
> provide options (at a performance cost) to encrypt column values for very
> sensitive information.
> 
> That way, even if the data fell in obscure hands and they know how to read
> the lucene index, they would not be able to see the values stored with it.
> 
> Think about credit card numbers for example ;-)
> 
> That's my two cents.
> 
> -- Joaquin
> 
> 
> -----Original Message-----
> From negrinv <victornegrin@gmail.com>
> Sent Fri 12/1/2006 1:22 PM
> To java-dev@lucene.apache.org
> Subject Re: Attached proposed modifications to Lucene 2.0 to support
> Field.Store.Encrypted
> 
> 
> That is a valid consideration Doron, which brings the discussion back to
> the
> difference between encrypton and security. I believe that security is an
> end
> application responsability, not Lucene's. For instance, is it possible to
> write the end application so that those stats are hidden from or
> inaccessible to users?
> Victor
> 
> 
> Doron Cohen wrote:
>> 
>> Robert Engels <rengels@ix.netcom.com> wrote on 01/12/2006 09:34:12:
>>> ... decrypting such small payloads .. I think it is also subject to an
>> easy attack,
>> 
>> In addition, index statistics are still available, right?  So one can
>> know
>> how many docs, which (encrypted) words appear in which docs and exactly
>> where, and how often.  AFAIK, with a large enough index these statistics
>> can be useful for cracking the encryption.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
>> For additional commands, e-mail: java-dev-help@lucene.apache.org
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/Attached-proposed-modifications-to-Lucene-2.0-to-support-Field.Store.Encrypted-tf2727614.html#a7646459
> Sent from the Lucene - Java Developer mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: java-dev-help@lucene.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: java-dev-help@lucene.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Attached-proposed-modifications-to-Lucene-2.0-to-support-Field.Store.Encrypted-tf2727614.html#a7647866
Sent from the Lucene - Java Developer mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org


Mime
View raw message