Re: Advanced security questions

Posted: Wed Jan 07, 2009 6:10 pm
by volomike
Or just switch to PostgreSQL.

Re: Advanced security questions

Posted: Wed Jan 07, 2009 6:26 pm
by examancer
volomike wrote: Or just switch to PostgreSQL.
What is the advantage there? Can it create full-text indexes for encrypted columns, without exposing the data?

Re: Advanced security questions

Posted: Thu Jan 08, 2009 4:58 am
by Mordred
Can it create full-text indexes for encrypted columns, without exposing the data?
Full-text indices do leak information about the document. There is no (to my knowledge) support for FT indexing of encrypted text, but any alternative solution you may come to will still suffer from this (inherent to the indexing process) information leakage. Be sure that you know how to deal with it - limit the access to the search functionality only to the document owner, create "personal" search indices which are also encrypted with the owner key, etc.

Otherwise getting hold of your FT index will let the attacker know which documents (belonging to which users) contain "bomb", "plane", "smurf the government", "<insert deity> akbar", etc.
There's always a balance between security and usability, make your choice on which of the two sides to lean.

Re: Advanced security questions

Posted: Thu Jan 08, 2009 12:50 pm
by examancer
Good information. I figured indices had to leak some of the data and you have confirmed that. However, a light bulb went off when you said this:
Mordred wrote: ...create "personal" search indices which are also encrypted with the owner key
This sounds like a great solution. I was looking at some of the tools I have been pointed to for maintaining my own indexes, and I'm sure I could come up with a way to create and maintain indexes for my users, then serialize and store their personal index in the database (encrypted of course), allowing me to offer fast search without breaking security.

THANK YOU!
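
A sketch of the per-user encrypted index the two posts above converge on, added here as an example and not code from either poster. It builds an inverted index over one owner's documents only, serializes it, and seals it with a key derived from that owner's secret, so the stored blob answers queries only for a caller holding the key; the key, the sample documents, and the stdlib-only HMAC-based cipher are assumptions of this example.

```python
import hashlib, hmac, json, os, re
from collections import defaultdict

def _subkeys(key):
    # Separate encryption and MAC keys derived from the owner key (labelled HMAC).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a stdlib-only stream cipher for the demo;
    # production code would use an AEAD (e.g. AES-GCM) from a vetted library.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def encrypt(owner_key, plaintext):
    enc_key, mac_key = _subkeys(owner_key)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag

def decrypt(owner_key, blob):
    enc_key, mac_key = _subkeys(owner_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("index blob failed authentication (wrong key or tampered)")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))

def build_index(docs):
    """Inverted index over ONE user's documents: term -> sorted doc ids."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for term in re.findall(r"[a-z0-9]+", text.lower()):
            index[term].add(doc_id)
    return {term: sorted(ids) for term, ids in sorted(index.items())}

def store_index(owner_key, docs):
    """Serialize and encrypt the personal index; the returned blob is what goes in the DB."""
    return encrypt(owner_key, json.dumps(build_index(docs)).encode())

def search(owner_key, blob, term):
    """Only a caller holding the owner key can open the index and answer the query."""
    return json.loads(decrypt(owner_key, blob)).get(term.lower(), [])

# Constructed sample data (not from the thread) for a single user
ALICE_KEY = hashlib.sha256(b"alice-placeholder-secret").digest()  # stands in for a real KDF output
ALICE_DOCS = {"d1": "Flight plan for the plane", "d2": "Grocery list: milk, eggs", "d3": "Plane tickets"}
```

The stored blob carries no term strings in the clear, so someone who dumps the table learns which users have an index but not which words their documents contain; the leakage Mordred describes is confined to whoever holds the owner key.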

Re: Advanced security questions

Posted: Fri Jan 23, 2009 10:50 pm
by aschlosberg
Not sure if anyone has pointed this out, but you have an XSS vulnerability in the way you display the username. Try logging in with the username <script>alert(1);</script> - you can execute any JavaScript that you want to.

EDIT: XSS - http://en.wikipedia.org/wiki/Cross-site_scripting