If you cannot trust your root users you probably have bigger problems than with search... I think it has been suggested to encrypt on codec or directory level as well. Yep, here is the JIRA https://issues.apache.org/jira/browse/LUCENE-2228 :)
-- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com > 12. mar. 2015 kl. 16.22 skrev Erick Erickson <erickerick...@gmail.com>: > > About <1>. Gotta be careful here about what would be promised. You > really _can't_ encrypt the _indexed_ terms in a meaningful way and > still search. And, as you well know, you can reconstruct documents > from the indexed terms. It's lossy, but still coherent enough to give > security folks fits. > > For instance, to do a wildcard search I need to have the "run" in > "run" match "running", "runner" "runs" etc. Any but trivial encryption > will break that, and the trivial encryption is easy to break. > > So putting all this over an encrypting filesystem is an approach > that's often used. > > FWIW > > > On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <solrexp...@gmail.com> wrote: >> Hi, >> >> Things you have mentioned would be useful for our use-case. >> >> On top we've seen these two requests for securing Solr: >> >> 1. Encrypting the index (with a customer private key for instance). There >> are certainly other ways to go about this, like using virtual private >> clouds, but having the feature in solr could allow multitenant Solr >> installations. >> >> 2. ACLs: giving access rights to parts of the index / document sets >> depending on the user access rights. >> >> >> >> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <jan....@cominvent.com> wrote: >> >>> Hi, >>> >>> Securing various Solr APIs has once again surfaced as a discussion in the >>> developer list. See e.g. SOLR-7236 >>> Would be useful to get some feedback from Solr users about needs "in the >>> field". >>> >>> Please reply to this email and let us know what security aspect(s) would >>> be most important for your company to see supported in a future version of >>> Solr. >>> Examples: Local user management, AD/LDAP integration, SSL, authenticated >>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs >>> read-only user etc >>> >>> -- >>> Jan Høydahl, search solution architect >>> Cominvent AS - www.cominvent.com >>> >>> >> >> >> -- >> Dmitry Kan >> Luke Toolbox: http://github.com/DmitryKey/luke >> Blog: http://dmitrykan.blogspot.com >> Twitter: http://twitter.com/dmitrykan >> SemanticAnalyzer: www.semanticanalyzer.info