lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant Ingersoll <gsing...@apache.org>
Subject Re: Adding Encryption to lucene indexes
Date Sun, 14 Aug 2011 11:51:12 GMT
You might try searching JIRA, I believe there is an issue in there that attempts to provide
an encrypted Directory implementation.   You might also just use file system encryption.

On Aug 12, 2011, at 8:09 PM, Chris Zakian wrote:

> Hey, thanks for your reply Shaneal,
> 
> I do have a person to consult with about the crypto code, it is just a
> matter of figuring out which streams
> to grab. So encrypting all of the write operations in IndexOutput (and
> DataOutput) and decrypting to plaintext in IndexInput on the way out should
> let me search normally correct? In other words, when I do a query, will it
> also pass through the same classes so that There is still search
> functionality?
> 
> On Fri, Aug 12, 2011 at 6:43 PM, Shaneal Manek <shaneal@greplin.com> wrote:
> 
>> For starters, you probably shouldn't be writing your own crypto code
>> (unless you're a professional cryptographer, or your project has
>> access to one to audit your code). See, for example,
>> 
>> http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html
>> .
>> If you *have* to, you'll probably want to subclass the NIOFSDirectory
>> (and, more precisely, the IndexInput and IndexOutput streams).
>> 
>> A more reasonable approach might be to encrypt the underlying volume
>> the Lucene Index will be on with something like LVM. The details will,
>> of course, depend on the particulars of how/when you have access to
>> your key.
>> 
>> -Shaneal
>> 
>> On Fri, Aug 12, 2011 at 12:15 PM, Chris Zakian <czakian@gmail.com> wrote:
>>> Hello,
>>> 
>>> I am currently adding Lucene (in combination with hibernate search) to a
>>> medical record service. As such, I need to encrypt the indexes so that
>>> unauthorized people don't have access to them by bypassing the system's
>>> database security. I was wondering if anyone had a) implemented a
>> security
>>> measure that encrypts the indexes or b) if I were to write my own
>>> encryption, what classes actually handle all the IO to and from the
>> indexes.
>>> In praticular, where would I get the Input/Output Streams in order to
>>> encrypt them.
>>> 
>>> Thanks,
>>> Chris.
>>> GSOC intern with OpenMRS
>>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
>> For additional commands, e-mail: java-user-help@lucene.apache.org
>> 
>> 

--------------------------------------------
Grant Ingersoll



---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message