I am delighted I am no longer a voice in the wilderness. I couldn't agree more with you Joaquin! Victor
Joaquin Delgado-2 wrote: > > Security should be responsibility of the application. However let's make > it clear that field level encryption is more a "means of" implementing > security and herefore an infrastructure functionality that in my opinion > Lucene should optionally provide. In the same way relational databases > provide options (at a performance cost) to encrypt column values for very > sensitive information. > > That way, even if the data fell in obscure hands and they know how to read > the lucene index, they would not be able to see the values stored with it. > > Think about credit card numbers for example ;-) > > That's my two cents. > > -- Joaquin > > > -----Original Message----- > From negrinv <[EMAIL PROTECTED]> > Sent Fri 12/1/2006 1:22 PM > To java-dev@lucene.apache.org > Subject Re: Attached proposed modifications to Lucene 2.0 to support > Field.Store.Encrypted > > > That is a valid consideration Doron, which brings the discussion back to > the > difference between encrypton and security. I believe that security is an > end > application responsability, not Lucene's. For instance, is it possible to > write the end application so that those stats are hidden from or > inaccessible to users? > Victor > > > Doron Cohen wrote: >> >> Robert Engels <[EMAIL PROTECTED]> wrote on 01/12/2006 09:34:12: >>> ... decrypting such small payloads .. I think it is also subject to an >> easy attack, >> >> In addition, index statistics are still available, right? So one can >> know >> how many docs, which (encrypted) words appear in which docs and exactly >> where, and how often. AFAIK, with a large enough index these statistics >> can be useful for cracking the encryption. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- > View this message in context: > http://www.nabble.com/Attached-proposed-modifications-to-Lucene-2.0-to-support-Field.Store.Encrypted-tf2727614.html#a7646459 > Sent from the Lucene - Java Developer mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Attached-proposed-modifications-to-Lucene-2.0-to-support-Field.Store.Encrypted-tf2727614.html#a7647866 Sent from the Lucene - Java Developer mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]