  1. OpenDJ
  2. OPENDJ-2617

Support protection of changelog data at rest

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 3.5.0
    • Fix Version/s: 4.0.0, 3.5.0
    • Component/s: replication, security
    • Labels:
      None

      Description

      As a user of OpenDJ I would like the content of the replication change log files to be encrypted in order to protect sensitive data at rest.

      This issue can be closed once it is possible to configure the replication server to encrypt changelog DB files using a user-specified encryption algorithm. We should use a sensible default "best practice" algorithm when none is specified by the user. We should also support dynamic configuration changes to the algorithm and even disabling encryption. Therefore, I suggest that encryption be performed on a record-by-record basis.

      Not all data needs to be encrypted. I don't think replica DB keys need encrypting nor does the change number index need any encryption.

      Enabling this feature should not have a dramatic impact on performance, although some impact is expected (10% or so?).

      See OPENDJ-2616 for implementation hints.
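
      A sketch of why record-by-record encryption makes dynamic algorithm changes and disabling workable, added here as an illustration; it is not OpenDJ code and not the format the fix shipped with. Each record value carries its own scheme tag, so a log that mixes plaintext and encrypted records stays readable after a configuration change. The class name, the tag values, the single in-memory key and the sample record are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class RecordEnvelopeDemo {
    // Hypothetical one-byte scheme tags; not OpenDJ's on-disk format.
    static final byte PLAIN = 0, AES_GCM = 1;
    static final SecureRandom RNG = new SecureRandom();

    // Encode one changelog record value; key == null means encryption is disabled.
    static byte[] encode(byte[] value, SecretKey key) throws Exception {
        if (key == null) return ByteBuffer.allocate(1 + value.length).put(PLAIN).put(value).array();
        byte[] iv = new byte[12];               // fresh 96-bit nonce for every record
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(new byte[] {AES_GCM});      // authenticate the scheme tag with the data
        byte[] ct = c.doFinal(value);           // ciphertext followed by the 16-byte GCM tag
        return ByteBuffer.allocate(13 + ct.length).put(AES_GCM).put(iv).put(ct).array();
    }

    // Decode by the record's own tag, independent of the current configuration.
    static byte[] decode(byte[] record, SecretKey key) throws Exception {
        byte tag = record[0];
        if (tag == PLAIN) return Arrays.copyOfRange(record, 1, record.length);
        if (tag != AES_GCM) throw new IllegalArgumentException("unknown scheme tag " + tag);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, record, 1, 12));
        c.updateAAD(record, 0, 1);
        return c.doFinal(record, 13, record.length - 13); // AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] change = "dn: uid=sample (constructed record)".getBytes(StandardCharsets.UTF_8);
        // Simulate a log written before and after encryption was switched on.
        for (byte[] rec : new byte[][] {encode(change, null), encode(change, key)})
            System.out.println(rec[0] + " -> " + new String(decode(rec, key), StandardCharsets.UTF_8));
    }
}
```

      Only the record value is wrapped, which matches the description's point that replica DB keys and the change number index can stay unencrypted.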

              People

              • Assignee:
                fabiop Fabio Pistolesi
                Reporter:
                matthew Matthew Swift