admin管理员组文章数量:1406720
I have a legacy application used to read sensitive data from a file and process it. I now have the requirement that the file containing the sensitive data must be encrypted. But my legacy application cannot be modified. So it has to use a file that is in clear. I have two additional security requirements saying that:
- the file with the data in clear can not be stored in clear on the file server.-> in memory only
- An admin must not be able to read the file in memory
I am left with a script that would decrypt the file, store the decrypted file in memory, and pass the memory file to the legacy application, provided the legacy application see it as a file (It means that I must mount the memory file server)
This must run on Linux. I could potentially use tmpfs on Linux but it has the drawback that an admin could access the file while it is being processed.
So I was thinking about implementing a FUSE server which would decrypt the file when it is ready by the legacy application, and serve the file to the application in memory.
I am wondering if there are other options to achieve it?
A simple one could be based on tmpfs, but I am afraid it cannot be accepted as the admin count have access to the temporary file server. Would it be possible to isolate the admin from this process?
I am wondering if a tool like Apache commons virtual file server could be used to mount a drive in memory. Or do you know other products which would provide this capability? I have found several in memory file server, but they are language dependant (like Java, python, ...) and can be used from java, python program only.
Any other idea?
本文标签: Implement a secure in memory file server for a legacy applicationStack Overflow
版权声明:本文标题:Implement a secure in memory file server for a legacy application - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745038953a2638960.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论