WebObjects and Security in case of a physical breach
WebObjects and Security in case of a physical breach
- Subject: WebObjects and Security in case of a physical breach
- From: David Holt <email@hidden>
- Date: Fri, 7 Aug 2009 10:07:59 -0700
Hi all,
I am looking for suggestions for how to lock down data and files
associated with my WebObjects application on a MacOS X 10.5.8 box in
case someone physically walks away with the box. We have biometric
encrypted external harddrives for rotating off-site backup, but now
we are turning our attention to the server itself. Other than the
WebObjects application and associated resources (which I am not all
that concerned about), we have a FrontBase database and files that
have been uploaded and are accessible by client users. The data and
files will almost certainly contain confidential and private data
that would have serious ramifications if stolen and accessed.
Do any of the following ideas make sense?
1. FrontBase disk encryption - my assumption is that encrypted
database files are stored encrypted at /Library/FrontBase/Databases
My worry is that with physical access to the machine, a competent
hacker might be able to find the secure keys that FrontBase uses to
encrypt/decrypt the data. Also, I am uncertain whether backups from
an encrypted database are also encrypted.
2. Move all the FrontBase files into a user account secured by a
mechanism such as file vault. Is there a way to start up Frontbase
databases automatically on login using such a scheme?
3. The Uploads/Downloads folders are currently in subfolders of the
WebServer root. Is there any reason not to serve the files from a
user account secured by a mechanism such as file vault?
4. Is there some other method that you are using that securely
encrypts the entire system in case of theft of the box?
Thanks,
David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden