How to encrypt proxy cache

Steve Wilson lists-nginx at swsystem.co.uk
Mon Apr 3 16:14:59 UTC 2017


On 03/04/2017 16:50, sachin.shetty at gmail.com wrote:
> Thanks Maxim for the reply. We have evaluated disk based encryption etc, but
> that does not prevent sysadmins from viewing user data which is a problem
> for us.
> 
> Do you think we could build something using lua and intercept read and
> write calls from cache?
> 
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,273311,273354#msg-273354

With root level access I doubt you'll be able to meet your requirements.
There are tools like ssldump which can be used to decrypt the network
traffic; even implementing something via a module/lua would require the
encryption key to be read and available for the sysadmins to use.

Personally I'd look at avoiding caching if it's got sensitive data by 
identifying common request data (paths/cookies etc) and excluding from 
the cache.

Alternatively, as Maxim has said, review and restrict access to the 
server.

Steve.
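
An added example (not part of the original message) of the cache exclusion suggested above, written as an nginx configuration that keeps responses to sensitive requests out of the proxy cache. The zone name, cache path, URL prefixes, the cookie name `sessionid` and the upstream address are assumptions chosen for illustration.

```nginx
# Added example; place inside the http {} block.
# Zone name, paths, cookie name and upstream address are assumptions.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

# Flag requests by path: these prefixes are assumed to carry user data.
map $uri $skip_by_path {
    default          0;
    ~^/account/      1;
    ~^/api/private/  1;
}

# Flag requests that carry a session cookie (any non-empty value).
map $cookie_sessionid $skip_by_cookie {
    default 1;
    ""      0;
}

# Flag requests that carry an Authorization header.
map $http_authorization $skip_by_auth {
    default 1;
    ""      0;
}

server {
    listen 80;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_cache app_cache;
        proxy_cache_valid 200 10m;

        # Do not write the response to disk if any flag is set
        # (a value that is non-empty and not "0").
        proxy_no_cache     $skip_by_path $skip_by_cookie $skip_by_auth;
        # Do not answer from the cache either; always go to the upstream.
        proxy_cache_bypass $skip_by_path $skip_by_cookie $skip_by_auth;
    }
}
```

Unless `proxy_ignore_headers` overrides it, nginx also declines to cache upstream responses that carry `Set-Cookie` or `Cache-Control: private`, `no-cache` or `no-store`, so the application can mark sensitive responses itself.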

