[Cryptography] Transparent remote file access
Howard Chu
hyc at symas.com
Fri Dec 1 03:02:15 EST 2017
James A. Donald wrote:
> On 12/1/2017 12:00 AM, Phillip Hallam-Baker wrote:
>> I would rather poke my eyes out with a stick than use LDAP.
>
> I am part of a group of people that are concerned that we might be surveilled
> by Google and the United States Government, and our IT guy is planning to
> implement LDAP for single sign in.
>
> Could you direct me to something that lists concerns?
Phillip sounds like he's been burned by some crappy implementations.
In terms of data security, OpenLDAP has no data-disclosure bugs. That makes it
unique in the current landscape of database systems - monolithic, distributed,
or otherwise.
> As I understand it, LDAP is just a database optimized for certain kinds of
> lookups, which are the lookups one is apt to do when people sign in.
LDAP is a somewhat lobotomized protocol for accessing a database with a
hierarchical data model (X.500). Servers implementing this data model tend to
be optimized for read-mostly access. In read-heavy workloads there is no other
database system anywhere close to OpenLDAP's performance.
> you seem to suggest that someone hostile might find the LDAP database handy
> and relatively easy to access and control.
Over the wire, that's quite unlikely. From secure authentication mechanisms,
to fine-grained authorization, an OpenLDAP server is pretty impervious to
network-based attacks.
> The proposed LDAP database will be in the cloud, which does not strike me as a
> very good idea if one is worried about surveillance. Should be in someone's
> closet, in a private home, with backups onto Blu-ray from time to time, with
> Blu-ray disks sent around by snail mail. But I am too lazy and busy to
> implement this myself, also I frequently travel, generally between one country
> with terrible internet, to another country with worse internet. So someone
> else is implementing security in the cloud.
When running on infrastructure you don't own, you have to worry about both
data in RAM and data on disk. AMD's secure virtualization extensions take care
of securing RAM for cloud-based deployments. OSs with encrypted filesystems
would handle the security of data on disk, assuming the rest of the OS is
secure. Of course, once an encrypted filesystem is successfully mounted, it's
essentially cleartext for every user with access to the filesystem. If you
want finer-grained control there, you need application-level storage
encryption. In the case of LDAP, OpenLDAP with BerkeleyDB supports database
encryption today, and OpenLDAP with LMDB 1.0 will also support it (at database
page level, for both BDB and LMDB).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
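The message above contrasts a mounted encrypted filesystem (cleartext for every user with file access) with application-level, page-granular storage encryption. The following Go program is an added illustration of the latter idea and is not code from Howard Chu, OpenLDAP, BerkeleyDB or LMDB; their actual on-disk formats are not described in this thread. It assumes a fixed page size (the constant PageSize is a constructed value), AES-256-GCM with a fresh random nonce per page write, and the page number bound in as additional authenticated data so that a page copied or swapped on disk fails authentication instead of decrypting silently.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// PageSize is the plaintext size of one database page (constructed value,
// not the page size of any real database engine).
const PageSize = 4096

// PageStore keeps every page encrypted at rest. Without the key, the stored
// bytes are useless, unlike a mounted encrypted filesystem where any user
// with file permissions reads cleartext.
type PageStore struct {
	aead  cipher.AEAD
	pages map[uint64][]byte // page number -> nonce || ciphertext || GCM tag
}

// NewPageStore wraps a 16-, 24- or 32-byte AES key in an AES-GCM AEAD.
func NewPageStore(key []byte) (*PageStore, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &PageStore{aead: aead, pages: make(map[uint64][]byte)}, nil
}

// pageAAD binds a ciphertext to its page number. Moving an encrypted page to
// another slot changes the AAD, so the tag check fails on read.
func pageAAD(pageNo uint64) []byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], pageNo)
	return b[:]
}

// WritePage encrypts one page under a fresh random nonce. A new nonce on every
// write matters: reusing a (key, nonce) pair with GCM leaks plaintext.
func (s *PageStore) WritePage(pageNo uint64, plain []byte) error {
	if len(plain) != PageSize {
		return fmt.Errorf("page %d: want %d bytes, got %d", pageNo, PageSize, len(plain))
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, plain, pageAAD(pageNo))
	s.pages[pageNo] = append(nonce, ct...)
	return nil
}

// ReadPage decrypts and authenticates a page. A flipped bit, a truncated
// record or a swapped page returns an error rather than garbage.
func (s *PageStore) ReadPage(pageNo uint64) ([]byte, error) {
	stored, ok := s.pages[pageNo]
	if !ok {
		return nil, errors.New("no such page")
	}
	ns := s.aead.NonceSize()
	if len(stored) < ns+s.aead.Overhead() {
		return nil, errors.New("stored page too short")
	}
	return s.aead.Open(nil, stored[:ns], stored[ns:], pageAAD(pageNo))
}

// RawPage returns the at-rest bytes, i.e. what someone who copied the
// database file (or mounted the filesystem) would actually see.
func (s *PageStore) RawPage(pageNo uint64) []byte {
	return s.pages[pageNo]
}

// SwapPages simulates two encrypted pages being exchanged on disk, the kind
// of tampering that plain block encryption without AAD would not detect.
func (s *PageStore) SwapPages(a, b uint64) {
	s.pages[a], s.pages[b] = s.pages[b], s.pages[a]
}

func main() {
	key := make([]byte, 32) // constructed demo key; use a real KDF/KMS in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, _ := NewPageStore(key)
	_ = s.WritePage(0, bytes.Repeat([]byte("uid=alice,dc=example,dc=com "), PageSize/28)[:PageSize])
	fmt.Println("plaintext visible at rest:", bytes.Contains(s.RawPage(0), []byte("uid=alice")))
	_, err := s.ReadPage(0)
	fmt.Println("authentic read ok:", err == nil)
}
```

Note the design choice: a per-page random nonce is stored with the page rather than derived from the page number, because a page is rewritten many times over its life and a deterministic nonce would repeat under the same key.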