[RADIATOR] Password/certificate security seems next to none on Radiator server

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Oct 6 13:02:08 CDT 2015


Hi,

> Would using Microsoft EFS on the Radiator folder (which contains all NAS credentials) and limiting access be a stronger solution than using an encrypted database? Would this cause a noticeable performance hit for an SMB?

ah..you're using RADIATOR on a windows box?  now I see why you worry about things being readable! ;-)

okay...use EFS...but once the volume is decrypted it can be read.   put strings into memory and they
can be read, performance hit = no - as the config is only read at startup or restart... only
entries in databases are checked dynamically.  you can store your stuff securely elsewhere
eg a database that is read by the RADIATOR server..but thats just obfuscation as they'll still
have to be read by the server..stored in memory..and if the database isnt secured then
thats more of an attack vector (also, admins on the server with DB read access could still read
the password...)

alan


More information about the radiator mailing list