|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Is there a way to encrypt all of the Cyrus' user-specific files on the disk? So that somebody breaking in -- or stealing the server -- has no access to the messages (and other data) unless a user's password is also available?
This is how I'd envision it:
A fancier system could also provide for a "master password" to allow message-recovery in case of the user forgetting their password (or a law-enforcement subpoena). Some people may choose to not use this feature in their setup...
I think, this ensures reasonable protection for the stored messages without any cooperation from the MUA -- a stolen server (or a decommissioned hard-drive) will not reveal user's e-mails. Also, each user is assured, that their old emails are not accessible to anyone, when he isn't accessing them himself.
This may be possible to do right now -- without changing the Cyrus' code at all -- by using encrypted filesystems. Unfortunately, it means, each user's files would have to reside on their own filesystem... The proposed mechanism would provide a better way without too much trouble. What do you think?