Database Encryption - Netscape DIRECTORY SERVER 7.0 - DEPLOYMENT Deployment Manual


Because search filters do not directly name the object that you are managing access for, their use can result in unexpected surprises, especially as your directory becomes more complex. If you are using search filters in ACIs, run an ldapsearch operation using the same filter to make sure you know what the results of the changes mean to your directory.

Do not duplicate ACIs in differing parts of your directory tree.

Watch out for overlapping ACIs. For example, if you have an ACI at your directory root point that allows a group write access to the commonName and givenName attributes and another ACI that allows the same group write access for just the commonName attribute, then consider reworking your ACIs so that only one control grants the write access for the group.

As your directory grows more complicated, it becomes increasingly easy to accidentally overlap ACIs in this manner. By avoiding ACI overlap, you make your security management easier while potentially reducing the total number of ACIs contained in your directory.

Name your ACIs.

While naming ACIs is optional, giving each ACI a short, meaningful name helps you to manage your security model, especially when examining your ACIs from the Directory console.

Group your ACIs as closely together as possible within your directory.

Try to limit ACI placement to your directory root point and to major directory branch points. Grouping ACIs helps you manage your total list of ACIs, as well as helping you keep the total number of ACIs in your directory to a minimum.

Avoid using double negatives, such as deny write if the bind DN is not equal to cn=Joe.

Although this syntax is perfectly acceptable for the server, it's confusing for a human administrator.

Database Encryption

Because information in a database is stored in plain text, some extremely sensitive information, such as government identification numbers or passwords, may not be protected enough by access control measures. It may be possible to gain access to a server's persistent storage files, either by going directly through the filesystem or by accessing discarded disk drives or archive tape.

162

Netscape Directory Server Deployment Guide • October 2004
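To turn the naming, overlap and double-negative guidelines for ACIs above into a mechanical check, here is an added example (not from the manual or the product) that lints aci values as exported from the directory. The sample ACIs and their group and user DNs are constructed, and the parser assumes one bind rule per ACI in the version 3.0 syntax shown.

```python
import re
from itertools import combinations

# Constructed sample aci values in Netscape DS "version 3.0" syntax (not from the manual).
SAMPLE_ACIS = [
    '(targetattr="commonName || givenName")(version 3.0; acl "Editors write names"; '
    'allow (write) groupdn="ldap:///cn=Editors,ou=Groups,dc=example,dc=com";)',
    '(targetattr="commonName")(version 3.0; acl "Editors write cn"; '
    'allow (write) groupdn="ldap:///cn=Editors,ou=Groups,dc=example,dc=com";)',
    '(targetattr="*")(version 3.0; acl ""; '
    'deny (write) userdn != "ldap:///cn=Joe,dc=example,dc=com";)',
]

# Captures only what the checks need: target attributes, acl name, allow/deny,
# the rights list, and a single bind rule (subject keyword, = or !=, DN).
ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]*)"\).*?acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<effect>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<subject>\w+)\s*(?P<op>!?=)\s*"(?P<dn>[^"]*)"',
    re.IGNORECASE | re.DOTALL,
)

def parse_aci(aci):
    """Return the fields of one ACI as a dict; raises on syntax it does not handle."""
    m = ACI_RE.search(aci)
    if not m:
        raise ValueError("unrecognised ACI: " + aci)
    g = m.groupdict()
    return {"name": g["name"], "effect": g["effect"].lower(),
            "attrs": {a.strip().lower() for a in g["attrs"].split("||")},
            "rights": {r.strip().lower() for r in g["rights"].split(",")},
            "bind": (g["subject"].lower(), g["op"], g["dn"].lower())}

def lint_acis(acis):
    """Flag unnamed ACIs, deny/!= double negatives, and overlapping allow grants."""
    parsed = [parse_aci(a) for a in acis]
    findings = []
    for i, p in enumerate(parsed):
        if not p["name"]:
            findings.append(("unnamed", i, "give the ACI a short, meaningful acl name"))
        if p["effect"] == "deny" and p["bind"][1] == "!=":
            findings.append(("double-negative", i, "deny with a != bind rule is hard to read"))
    for (i, a), (j, b) in combinations(enumerate(parsed), 2):
        same_grant = (a["effect"] == b["effect"] == "allow"
                      and a["bind"] == b["bind"] and a["rights"] == b["rights"])
        # One attribute set covers the other (or either is "*"): one control would do.
        covers = ("*" in (a["attrs"] | b["attrs"])
                  or a["attrs"] <= b["attrs"] or b["attrs"] <= a["attrs"])
        if same_grant and covers:
            findings.append(("overlap", (i, j), "let one control grant these rights"))
    return findings
```

Run it over the aci values of an ldapsearch export (one string per value) and review each finding against the intended grant; the "*" case is treated as covering every other attribute set.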