Re: prevent Linux root from seeing my files

From: Chris Albertson <albertson.chris_at_gmail.com>
Date: Tue, 30 Nov 2010 11:50:07 -0800

I think the bottom line here is that your only "for sure" method is to
do all the encryption and decryption
on your own local computer. But as others have said this means
SVN sees only binary blobs.

You can not depend on the server unless you completely trust
Root. But if you trust him why not simply tell him not to look?
With an untrustful Root you can not depend on an encrypted
file system on the sever. It would be easy
for Root to pach it such that no encryption takes place and you'd
never know it was patched.

I work with data that can't be shared. As it turns out most of
the compromises that occur are human error or procedural
problems. and no, you can't depend on people promising to
not make mistakes. You have to organized your work and
systems so that they are fail safe. One hard and fast rule is
to NEVER connect a computer that holds sensitive information
to the Internet. Move the data through an "air gap".

You have to decide if your data is really that sensitive

-- 
=====
Chris Albertson
Redondo Beach, California

Received on 2010-11-30 20:50:45 CET

This message: [ Message body ]
Next message: Andy Levy: "Re: Db based configuration for per-directory access control"
Previous message: Takács András: "subversion cross compile (arm)"
In reply to: Campbell Allan: "Re: prevent Linux root from seeing my files"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]