Hi Rafaela,

I built something along these lines as a proof of concept. All data in the 
index was unstored and only fields which were searchable (tokenized and 
indexed) were kept in the index. The full record was encrypted and stored in a 
MongoDB database. A custom Solr component did the search against the index, 
gathered up unique ids of the results, then pulled out the encrypted data from 
MongoDB, decrypted it on the fly and rendered the results.

You can find the (Scala) code here:
https://github.com/sujitpal/solr4-extras
(under the src/main/scala/com/mycompany/solr4extras/secure folder).

More information (more or less the same as what I wrote but probably a bit more 
readable with inlined code):
http://sujitpal.blogspot.com/2012/12/searching-encrypted-document-collection.html

There are some obvious data sync concerns with this sort of setup, but as 
Adrian points out, you can't index encrypted data.

HTH
Sujit

On Jun 25, 2013, at 4:17 AM, Adrien Grand wrote:

> On Tue, Jun 25, 2013 at 1:03 PM, Rafaela Voiculescu
> <rafaela.voicule...@gmail.com> wrote:
>> Hello,
> 
> Hi,
> 
>> I am sorry I was not a bit more explicit. I am trying to find an acceptable
>> way to encrypt the data to prevent any access of it in any way unless the
>> person who is trying to access it knows how to decrypt it. As I mentioned,
>> I looked a bit through the patch, but I am not sure of its status.
> 
> You can encrypt stored fields, but there is no way to do it correctly
> with fields that have positions indexed: attackers could infer the
> actual terms based on the order of terms (the encrypted version must
> sort the same way as the original terms), frequencies and positions.
> 
> --
> Adrien
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org
> For additional commands, e-mail: java-user-h...@lucene.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org
For additional commands, e-mail: java-user-h...@lucene.apache.org

Reply via email to