List: cyrus-devel
Subject: Re: Way to Use SQLite DB instead of SaslDB?
From: Tom Samplonius <tom () samplonius ! org>
Date: 2022-05-03 4:28:32
Message-ID: 1FE5C12F-E0D7-44A9-A4B1-F7447D1DF583 () samplonius ! org
It would probably be easier to just wrap the store and load sasl internal functions
with encryption/decryption functions, rather than modify sasl to use a different
database.

And I hope you are preparing to prompt for the database password on startup,
because if you store the database password on the system, you will also not be
complying with your policy. Unless you have a hardware key vault device that
guarantees write only key storage.

Or, you could use an encrypted file system, and encrypt the mail as well. I think
this is what most sites that require encryption are doing.

> On May 2, 2022, at 12:43 PM, Joseph Chen <joseph.chen@non.keysight.com> wrote:
>
> Does anyone know if there is a way to use SQLite DB in place of SaslDB?
>
> The reason: the built-in SaslDB uses a clear text data file for DB data (being
> used while cyrus sasl is processing SRAM authentications), and the company that I
> work for does not allow the use of any un-encrypted DB for storing usernames and
> passwords. Instead, it recommends using a licensed SQLite DB that is able to encrypt
> data.
> --JC
------------------------------------------
Cyrus: Devel
Permalink: https://cyrus.topicbox.com/groups/devel/T669554f0fb783215-M2245dc4a1c0100d354341739
Delivery options: https://cyrus.topicbox.com/groups/devel/subscription