Jan, Index encryption is not really about trust to root users for us. It is about letting client company to be able to secure their index with their key. To prevent information loss through hacking to a server. What I agree with is that this does go beyond just search ;)
Thanks for the JIRA, looks promising. On Thu, Mar 12, 2015 at 10:06 PM, Jan Høydahl <jan....@cominvent.com> wrote: > If you cannot trust your root users you probably have bigger problems than > with search... I think it has been suggested to encrypt on codec or > directory level as well. Yep, here is the JIRA > https://issues.apache.org/jira/browse/LUCENE-2228 :) > > -- > Jan Høydahl, search solution architect > Cominvent AS - www.cominvent.com > > > 12. mar. 2015 kl. 16.22 skrev Erick Erickson <erickerick...@gmail.com>: > > > > About <1>. Gotta be careful here about what would be promised. You > > really _can't_ encrypt the _indexed_ terms in a meaningful way and > > still search. And, as you well know, you can reconstruct documents > > from the indexed terms. It's lossy, but still coherent enough to give > > security folks fits. > > > > For instance, to do a wildcard search I need to have the "run" in > > "run" match "running", "runner" "runs" etc. Any but trivial encryption > > will break that, and the trivial encryption is easy to break. > > > > So putting all this over an encrypting filesystem is an approach > > that's often used. > > > > FWIW > > > > > > On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <solrexp...@gmail.com> > wrote: > >> Hi, > >> > >> Things you have mentioned would be useful for our use-case. > >> > >> On top we've seen these two requests for securing Solr: > >> > >> 1. Encrypting the index (with a customer private key for instance). > There > >> are certainly other ways to go about this, like using virtual private > >> clouds, but having the feature in solr could allow multitenant Solr > >> installations. > >> > >> 2. ACLs: giving access rights to parts of the index / document sets > >> depending on the user access rights. > >> > >> > >> > >> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <jan....@cominvent.com> > wrote: > >> > >>> Hi, > >>> > >>> Securing various Solr APIs has once again surfaced as a discussion in > the > >>> developer list. See e.g. SOLR-7236 > >>> Would be useful to get some feedback from Solr users about needs "in > the > >>> field". > >>> > >>> Please reply to this email and let us know what security aspect(s) > would > >>> be most important for your company to see supported in a future > version of > >>> Solr. > >>> Examples: Local user management, AD/LDAP integration, SSL, > authenticated > >>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs > >>> read-only user etc > >>> > >>> -- > >>> Jan Høydahl, search solution architect > >>> Cominvent AS - www.cominvent.com > >>> > >>> > >> > >> > >> -- > >> Dmitry Kan > >> Luke Toolbox: http://github.com/DmitryKey/luke > >> Blog: http://dmitrykan.blogspot.com > >> Twitter: http://twitter.com/dmitrykan > >> SemanticAnalyzer: www.semanticanalyzer.info > > -- Dmitry Kan Luke Toolbox: http://github.com/DmitryKey/luke Blog: http://dmitrykan.blogspot.com Twitter: http://twitter.com/dmitrykan SemanticAnalyzer: www.semanticanalyzer.info
