You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2020/01/09 08:47:00 UTC

[jira] [Created] (JAMES-3023) Encryption for Cassandra blobStore

Benoit Tellier created JAMES-3023:
-------------------------------------

             Summary: Encryption for Cassandra blobStore
                 Key: JAMES-3023
                 URL: https://issues.apache.org/jira/browse/JAMES-3023
             Project: James Server
          Issue Type: Sub-task
          Components: Blob, cassandra
            Reporter: Benoit Tellier


Following JAMES-2921 Hybrid BlobStore we end up storing 'blobs' into Cassandra.

Given a multi-tenant environment, if I run two James servers on top of the same Cassandra database, I don't want one server to be able to read the content of the other one.

Such isolation is currently achievable by having separate keyspaces, and separate users with different right settings. However given a cassandra acls misconfiguration, such content could still be leaked from one tenant to the other one in case of James compromision.

Encrypting blobs into cassandra, with an encryption key specific per James server can be a good second line of defense to mitigate this risk. Only metatdata would be readable, raw content (headers & body) staying encrypted.

As such, I should be able to configure AES encryption of top of Cassandra storage.





--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org