[Cryptography] Transparent remote file access

Howard Chu hyc at symas.com
Fri Dec 1 03:02:15 EST 2017


James A. Donald wrote:
> On 12/1/2017 12:00 AM, Phillip Hallam-Baker wrote:
>> I would rather poke my eyes out with a stick than use LDAP.
> 
> I am part of a group of people that are concerned that we might be surveilled 
> by Google and the United States Government, and our IT guy is planning to 
> implement LDAP for single sign in.
> 
> Could you direct me to something that lists concerns?

Phillip sounds like he's been burned by some crappy implementations.
In terms of data security, OpenLDAP has no data-disclosure bugs. That makes it 
unique in the current landscape of database systems - monolithic, distributed, 
or otherwise.

> As I understand it, LDAP is just a database optimized for certain kinds of 
> lookups, which are the lookups one is apt to do when people sign in.

LDAP is a somewhat lobotomized protocol for accessing a database with a 
hierarchical data model (X.500). Servers implementing this data model tend to 
be optimized for read-mostly access. In read-heavy workloads there is no other 
database system anywhere close to OpenLDAP's performance.

> you seem to suggest that someone hostile might find the LDAP database handy 
> and relatively easy to access and control.

Over the wire, that's quite unlikely. From secure authentication mechanisms, 
to fine-grained authorization, an OpenLDAP server is pretty impervious to 
network-based attacks.

> The proposed LDAP database will be in the cloud, which does not strike me as a 
> very good idea if one is worried about surveillance.  Should be in someone's 
> closet, in a private home, with backups onto Blu-ray from time to time, with 
> Blu-ray disks sent around by snail mail. But I am too lazy and busy to 
> implement this myself, also I frequently travel, generally between one country 
> with terrible internet, to another country with worse internet.  So someone 
> else is implementing security in the cloud.

When running on infrastructure you don't own, you have to worry about both 
data in RAM and data on disk. AMD's secure virtualization extensions take care 
about securing RAM for cloud-based deployments. OSs with encrypted filesystems 
would handle the security of data on disk, assuming the rest of the OS is 
secure. Of course, once an encrypted filesystem is successfully mounted, it's 
essentially cleartext for every user with access to the filesystem. If you 
want finer-grained control there, you need application-level storage 
encryption. In the case of LDAP, OpenLDAP with BerkeleyDB supports database 
encryption today, and OpenLDAP with LMDB 1.0 will also support it (at database 
page level, for both BDB and LMDB).

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
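As an added illustration of the last paragraph's point, and not code from this thread or from OpenLDAP, BerkeleyDB or LMDB: a page-level store where each page is encrypted and authenticated under a key that only the application holds, so anyone who can read the mounted filesystem sees ciphertext rather than cleartext. The HMAC-SHA256-in-counter-mode construction, the page size and the sample entries are assumptions for the demo.

```python
import hashlib, hmac, os, struct
PAGE_SIZE, NONCE_LEN, TAG_LEN = 256, 16, 32  # constructed demo sizes; real engines use 4 KiB+ pages
def _subkeys(master: bytes):
    # Separate encryption and MAC keys, both derived from the application-held master key.
    return (hmac.new(master, b"page-enc", hashlib.sha256).digest(),
            hmac.new(master, b"page-mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, page_no: int, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode; nonce + page number make each page write unique.
    out = b"".join(hmac.new(enc_key, nonce + struct.pack(">QI", page_no, ctr), hashlib.sha256).digest()
                   for ctr in range(-(-length // 32)))
    return out[:length]

def encrypt_page(master: bytes, page_no: int, plaintext: bytes) -> bytes:
    """Return nonce || tag || ciphertext for one fixed-size page (NUL-padded for the demo)."""
    if len(plaintext) > PAGE_SIZE: raise ValueError("record does not fit in one page")
    enc_key, mac_key = _subkeys(master)
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, page_no, PAGE_SIZE)
    ct = bytes(p ^ k for p, k in zip(plaintext.ljust(PAGE_SIZE, b"\0"), ks))
    # Encrypt-then-MAC; authenticating the page number stops pages being swapped on disk.
    tag = hmac.new(mac_key, struct.pack(">Q", page_no) + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def decrypt_page(master: bytes, page_no: int, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any modification or page swap."""
    enc_key, mac_key = _subkeys(master)
    nonce, tag, ct = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + TAG_LEN], blob[NONCE_LEN + TAG_LEN:]
    expected = hmac.new(mac_key, struct.pack(">Q", page_no) + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("page %d failed authentication" % page_no)
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, page_no, len(ct)))).rstrip(b"\0")

def _rejects(master: bytes, page_no: int, blob: bytes) -> bool:
    try:
        decrypt_page(master, page_no, blob)
        return False
    except ValueError:
        return True

def demo() -> dict:
    # Constructed sample: two directory entries stored as pages; 'disk' is what a filesystem user sees.
    master = os.urandom(32)  # held by the application process, never written to the filesystem
    entries = [b"dn: uid=alice,dc=example,dc=com", b"dn: uid=bob,dc=example,dc=com"]
    disk = {n: encrypt_page(master, n, e) for n, e in enumerate(entries)}
    flipped = bytearray(disk[0]); flipped[-1] ^= 1  # one-bit change in the stored ciphertext
    return {"alice": decrypt_page(master, 0, disk[0]),
            "plaintext_on_disk": b"alice" in disk[0],
            "tamper_detected": _rejects(master, 0, bytes(flipped)),
            "swap_detected": _rejects(master, 1, disk[0])}
```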

