How to encrypt proxy cache
Steve Wilson
lists-nginx at swsystem.co.uk
Mon Apr 3 16:14:59 UTC 2017
On 03/04/2017 16:50, sachin.shetty at gmail.com wrote:
> Thanks Maxim for the reply. We have evaluated disk based encryption
> etc, but
> that does not prevent sysadmins from viewing user data which is a
> problem
> for us.
>
> Do you think we could build something using lua and intercept read and
> wriite call from cache?
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,273311,273354#msg-273354
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
With root level access I doubt you'll be able to meet your requirements.
There's tools like ssldump which can be used to decrypt the network
traffic, even implementing something via a module/lua would require the
encryption key to be read and available for the sysadmins to use.
Personally I'd look at avoiding caching if it's got sensitive data by
identifying common request data (paths/cookies etc) and excluding from
the cache.
Alternatively, as Maxim has said, review and restrict access to the
server.
Steve.
More information about the nginx
mailing list