Hello, I'm on a mission to make RDM the most secure it can be. Our organization holds a lot of sensitive data within RDM. Currently we are using the "Shared pass-phrase" security provider; is this method one of the better ways to secure data? We are looking into using the "Certificate" security provider, but don't know the steps to set this up. We have a VPS using MariaDB that can be accessed via the internet.
Hello,
The passphrase provider is definitely as secure as the private key in the sense that a key is used to encrypt the data in the same way.
The Certificate provider does require a lot of effort to put in place. You probably need to deploy your own Certification Authority, deploy that certificate to all of your machines, then create certificates for each scenario: for RDM encryption, for encrypting communications with the DB, etc.
In essence, if you already have such an infrastructure, using the Certificate provider is just another certificate to manage and deploy, so it's not a bad idea. On the other hand, if you do not have all of that, it's overly complex just for that single use.
Obviously, if only your top-level admins know the passphrase and register the data sources on all of the machines, it's less of a risk; you must decide if knowledge of that passphrase is a risk in your situation.
Best regards,
Maurice