lucene-java-user mailing list archives

From Chris Zakian <czak...@indiana.edu>
Subject Re: Adding Encryption to lucene indexes
Date Sat, 13 Aug 2011 00:09:13 GMT
Hey, thanks for your reply Shaneal,

I do have a person to consult with about the crypto code, it is just a
matter of figuring out which streams to grab. So encrypting all of the
write operations in IndexOutput (and DataOutput) and decrypting to
plaintext in IndexInput on the way out should let me search normally,
correct? In other words, when I do a query, will it also pass through the
same classes so that there is still search functionality?

On Fri, Aug 12, 2011 at 6:43 PM, Shaneal Manek <shaneal@greplin.com> wrote:

> For starters, you probably shouldn't be writing your own crypto code
> (unless you're a professional cryptographer, or your project has
> access to one to audit your code). See, for example,
>
> http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html
> .
> If you *have* to, you'll probably want to subclass the NIOFSDirectory
> (and, more precisely, the IndexInput and IndexOutput streams).
>
> A more reasonable approach might be to encrypt the underlying volume
> the Lucene Index will be on with something like LVM. The details will,
> of course, depend on the particulars of how/when you have access to
> your key.
>
> -Shaneal
>
> On Fri, Aug 12, 2011 at 12:15 PM, Chris Zakian <czakian@gmail.com> wrote:
> > Hello,
> >
> > I am currently adding Lucene (in combination with hibernate search) to a
> > medical record service. As such, I need to encrypt the indexes so that
> > unauthorized people don't have access to them by bypassing the system's
> > database security. I was wondering if anyone had a) implemented a
> > security measure that encrypts the indexes or b) if I were to write my
> > own encryption, what classes actually handle all the IO to and from the
> > indexes. In particular, where would I get the Input/Output Streams in
> > order to encrypt them.
> >
> > Thanks,
> > Chris.
> > GSOC intern with OpenMRS
> >
