On Friday, 6 February 2009 02:09:09, David Bear wrote:

> Has there ever been much discussion on creating encrypted volumes? These
> would work like a local encrypted file system - without the key, they are
> useless. I'm thinking that you might need an fs setkey or something like
> that to insert the key into the cache manager.. fs mkmount could have a
> switch that would specify it was an encrypted volume..

The problem is that volumes in AFS are not mounted and unmounted all the time. 
They are mounted into the tree once and are usually available anytime. To
prevent access to sensitive files, use ACLs.

Things like ecryptfs, truecrypt or LUKS only protect data as long as the 
volume is _not_ mounted. Once mounted, normal Unix access permissions or ACLs 
apply. So what you could do is to create encrypted vice partitions and put 
volumes with sensitive data onto those, so that in case of theft or whatever 
the data cannot be read by the attacker.

HTH...

        Dirk
