How to encrypt proxy cache
lists-nginx at swsystem.co.uk
Mon Apr 3 16:14:59 UTC 2017
On 03/04/2017 16:50, sachin.shetty at gmail.com wrote:
> Thanks Maxim for the reply. We have evaluated disk based encryption
> etc, but
> that does not prevent sysadmins from viewing user data which is a
> for us.
> Do you think we could build something using lua and intercept read and
> wriite call from cache?
> Posted at Nginx Forum:
> nginx mailing list
> nginx at nginx.org
With root level access I doubt you'll be able to meet your requirements.
There's tools like ssldump which can be used to decrypt the network
traffic, even implementing something via a module/lua would require the
encryption key to be read and available for the sysadmins to use.
Personally I'd look at avoiding caching if it's got sensitive data by
identifying common request data (paths/cookies etc) and excluding from
Alternatively, as Maxim has said, review and restrict access to the
More information about the nginx