On 03/04/2017 16:50, sachin.she...@gmail.com wrote:
Thanks Maxim for the reply. We have evaluated disk-based encryption etc., but that does not prevent sysadmins from viewing user data, which is a problem for us.

Do you think we could build something using lua and intercept read and
write calls from cache?

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,273311,273354#msg-273354

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

With root-level access I doubt you'll be able to meet your requirements. There are tools like ssldump which can be used to decrypt the network traffic; even implementing something via a module/lua would require the encryption key to be read and available for the sysadmins to use.

Personally I'd look at avoiding caching if it's got sensitive data, by identifying common request data (paths/cookies etc.) and excluding it from the cache.

Alternatively, as Maxim has said, review and restrict access to the server.

Steve.
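
The cache-exclusion approach suggested in the reply above, sketched as an nginx configuration. This is an added example, not part of the original thread; the zone name `app_cache`, the upstream address, the cookie name `sessionid` and the paths `/account/` and `/api/private/` are assumptions to be replaced with the application's own.

```nginx
# Added example (http context). All names, paths and addresses are assumed.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

# 1 when the request targets a path known to return per-user data.
map $request_uri $skip_path {
    default           0;
    ~^/account/       1;
    ~^/api/private/   1;
}

# 1 when the client presents a session cookie (assumed name: sessionid).
map $cookie_sessionid $skip_cookie {
    default 1;
    ""      0;
}

# 1 when the request carries an Authorization header.
map $http_authorization $skip_auth {
    default 1;
    ""      0;
}

upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen 80;

    location / {
        proxy_pass        http://backend;
        proxy_cache       app_cache;
        proxy_cache_valid 200 10m;

        # Any non-empty, non-"0" value: do not write the response to disk.
        proxy_no_cache     $skip_path $skip_cookie $skip_auth;
        # Same conditions: do not answer from an existing cache entry.
        proxy_cache_bypass $skip_path $skip_cookie $skip_auth;
    }
}
```

`proxy_no_cache` only stops new responses from being stored; entries written before these rules were added stay on disk until they expire or the cache directory is cleared.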