Re: [DotGNU]VRS architecture docs

From: Bill Lance
Subject: Re: [DotGNU]VRS architecture docs
Date: Mon, 11 Feb 2002 16:51:03 -0800 (PST)

--- Norbert Bollow <address@hidden> wrote:
> I have some doubts about this point:
> : Nor does the user or any other local program have access to
> : the processes and the data in the LDS. The only way in and out
> : of the LDS is through a network connection and read/write
> : access to a single, highly encrypted disk file used for the
> : Repository storage and configuration files.
> What exactly do you gain by this encryption?  (If the decryption
> key has to be stored somewhere on the node machine, I doubt that
> you've gained anything.)

Keeping in mind that we are developing specifications
here, not implementations at this point, you're right.
Protecting the LDS from attack from a host machine,
especially from the root of the host, is going to be
very challenging, if in fact it's possible.  

The keys for the encrypted blocks of the repository do
have to be stored in each LDS in the Cluster Manager
as in-memory variables.  They should never be on disk.
Also, no one host should ever have an entire set of
mirror blocks for any one file.  If an encryption
method that requires the entire cyphertext file rather
than a stream encoding is used, the data in the mirror
blocks should remain invisible.

Of course, talking about security is always a matter
of degree.  We can only make things more difficult to
break into, never impossible.
