Hi all: I tried to subscribe over the weekend, and haven't gotten an email yet. I'll try to post this and see if it lets me. I'm considering using Xapian to index email messages in an IMAP server I'm writing. Is it possible to encrypt the databases stored on disk, so that someone cannot recover their contents? What I would like to do is when a message is received, send it through Xapian to be indexed. Then encrypt the contents and store it. When I run a search through Xapian, all I need is some sort of ID so I can retrieve the message and decrypt it. I don't want someone to be able to use the Xapian database to reconstruct the messages indexed. Is this possible? If not, is there another indexing engine that can? Thanks! David ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Tue, Jan 17, 2006 at 09:09:02PM -0500, David Blewett wrote:> I tried to subscribe over the weekend, and haven't gotten an email yet. > I'll try to post this and see if it lets me.We've been having problems with the mailing list software and certain kinds of spam (there's a bug in the character set handler which crashes the mailing list :-(. When it dies I have to restart it... you should have a whole load of emails now!> I'm considering using Xapian to index email messages in an IMAP server > I'm writing. Is it possible to encrypt the databases stored on disk, so > that someone cannot recover their contents?You could encrypt the volume the database is stored on, and that's probably the best option IMHO.> What I would like to do is when a message is received, send it through > Xapian to be indexed. Then encrypt the contents and store it. When I > run a search through Xapian, all I need is some sort of ID so I can > retrieve the message and decrypt it. I don't want someone to be able to > use the Xapian database to reconstruct the messages indexed. Is this > possible? If not, is there another indexing engine that can? Thanks!You *could* encrypt the email after indexing and stuff that in the document data within Xapian, but I wouldn't recommend it because the index terms would still be unencrypted, so while it isn't possible to get the actual email contents, you could get all the posting lists and hence the (stemmed version of the) words in the email. If you put the db on an encrypted volume, only someone with the key can access the database at all - much better. On Windows something like PGP Desktop will do the trick (or Windows XP's encryption services, for local disks). On Unix, an encrypted file system written onto a file and mounted via loopback will do the same thing - there are undoubtedly HOWTO docs on doing this for linux, and probably *BSD. For commercial Unixes, talk to your vendor. J -- /--------------------------------------------------------------------------\ James Aylett xapian.org james@tartarus.org uncertaintydivision.org
Hi all: I'm considering using Xapian to index email messages in an IMAP server I'm writing. Is it possible to encrypt the databases stored on disk, so that someone cannot recover their contents? What I would like to do is when a message is received, send it through Xapian to be indexed. Then encrypt the contents and store it. When I run a search through Xapian, all I need is some sort of ID so I can retrieve the message and decrypt it. I don't want someone to be able to use the Xapian database to reconstruct the messages indexed. Is this possible? If not, is there another indexing engine that can? Thanks! David ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Hi all: I'm considering using Xapian to index email messages in an IMAP server I'm writing. Is it possible to encrypt the databases stored on disk, so that someone cannot recover their contents? What I would like to do is when a message is received, send it through Xapian to be indexed. Then encrypt the contents and store it. When I run a search through Xapian, all I need is some sort of ID so I can retrieve the message and decrypt it. I don't want someone to be able to use the Xapian database to reconstruct the messages indexed. Is this possible? If not, is there another indexing engine that can? Thanks! David