Re: Encrypting attributes of my choice
Hi,
I wrote Howard's message and re-thought the security of my data stored in
the ldap tree....
If you're concerned that someone
can hack into your system and steal records out of your database files, then
automated encryption in the directory is still no defense. Any key that is
easily accessible to slapd will also be easily accessible to anyone with
direct access to your database files. 
I'm using SSL/TLS to encrypt all communication with my ldap server. But
therefore I have to store the key, the certificate and the ca-certificate
in a well reachable directory. Isn't this quite insecure? I don't
understand the ssl-stuff completely, so please correct me if I'm wrong.
Can I do anything to improve the level of security for my data?
(At the moment the mentioned files have these access rights: -rw-r--r--
and my slapd.conf, which has to contain information about the location
of these files, has: -rw-------, slapd can only be started as root.)
With best regards
Susanne
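
An added example, not part of the original message: a permission audit for the TLS files a slapd.conf points at, using the OpenLDAP directives TLSCertificateKeyFile, TLSCertificateFile and TLSCACertificateFile. Only the private key is secret (the certificates are sent to every client during the TLS handshake), so the check flags the key when group or other has any access; the file names and the 0644 layout in `demo()` are constructed to mirror the setup described above.

```python
import os
import stat
import tempfile

# slapd.conf TLS directives (lowercased); True marks secret material.
TLS_DIRECTIVES = {
    "tlscertificatekeyfile": True,   # private key: must stay private
    "tlscertificatefile": False,     # server certificate: public
    "tlscacertificatefile": False,   # CA certificate: public
}

def audit_slapd_tls(conf_path):
    """Return (path, mode, finding) for each TLS file named in slapd.conf."""
    findings = []
    with open(conf_path) as conf:
        for line in conf:
            parts = line.split(None, 1)  # comment lines never match a directive
            if len(parts) != 2 or parts[0].lower() not in TLS_DIRECTIVES:
                continue
            path = parts[1].strip().strip('"')
            secret = TLS_DIRECTIVES[parts[0].lower()]
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                findings.append((path, None, "missing or unreadable"))
                continue
            if secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
                finding = "private key accessible to group/other"
            elif mode & (stat.S_IWGRP | stat.S_IWOTH):
                finding = "writable by group/other"
            else:
                finding = "ok"
            findings.append((path, mode, finding))
    return findings

def demo():
    """Constructed sample: every TLS file at 0644 (-rw-r--r--), as in the message."""
    d = tempfile.mkdtemp()
    names = {"TLSCertificateKeyFile": "server.key",
             "TLSCertificateFile": "server.crt",
             "TLSCACertificateFile": "ca.crt"}
    conf_path = os.path.join(d, "slapd.conf")
    with open(conf_path, "w") as conf:
        for directive, name in names.items():
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
            conf.write(f"{directive} {path}\n")
    return {os.path.basename(p): f for p, _, f in audit_slapd_tls(conf_path)}

if __name__ == "__main__":
    print(demo())
```

The key file also has to remain readable by the account slapd runs as, so tightening it usually means mode 0600 (or 0400) with that account as owner.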