lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shaneal Manek <shan...@greplin.com>
Subject Re: Adding Encryption to lucene indexes
Date Fri, 12 Aug 2011 22:43:00 GMT
For starters, you probably shouldn't be writing your own crypto code
(unless you're a professional cryptographer, or your project has
access to one to audit your code). See, for example,
http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html.
If you *have* to, you'll probably want to subclass the NIOFSDirectory
(and, more precisely, the IndexInput and IndexOutput streams).

A more reasonable approach might be to encrypt the underlying volume
the Lucene Index will be on with something like LVM. The details will,
of course, depend on the particulars of how/when you have access to
your key.

-Shaneal

On Fri, Aug 12, 2011 at 12:15 PM, Chris Zakian <czakian@gmail.com> wrote:
> Hello,
>
> I am currently adding Lucene (in combination with hibernate search) to a
> medical record service. As such, I need to encrypt the indexes so that
> unauthorized people don't have access to them by bypassing the system's
> database security. I was wondering if anyone had a) implemented a security
> measure that encrypts the indexes or b) if I were to write my own
> encryption, what classes actually handle all the IO to and from the indexes.
> In praticular, where would I get the Input/Output Streams in order to
> encrypt them.
>
> Thanks,
> Chris.
> GSOC intern with OpenMRS
>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message