vmencryption-limitations.dita@ 105145

Last change on this file since 105145 was 99797, checked in by vboxsync, 21 months ago
Docs: bugref:10302. Merging changes from the docs team. Almost exclusively conkeyref related stuff.
Property svn:eol-style set to `native` Property svn:keywords set to `Id Revision`
File size: 1.4 KB

Line
1	<?xml version='1.0' encoding='UTF-8'?>
2	<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
3	<topic xml:lang="en-us" id="vmencryption-limitations">
4	<title>Limitations of VM Encryption</title>
5
6	<body>
7	<p>
8	There are some limitations the user needs to be aware of when
9	using this feature:
10	</p>
11	<ul>
12	<li>
13	<p>
14	Exporting appliances containing an encrypted VM is not
15	possible, because the OVF specification does not support
16	this. The VM is therefore decrypted during export.
17	</p>
18	</li>
19	<li>
20	<p>
21	The DEK is kept in memory while the VM is running to be able
22	to encrypt and decrypt VM data. While this should be obvious
23	the user needs to be aware of this because an attacker might
24	be able to extract the key on a compromised host and decrypt
25	the data.
26	</p>
27	</li>
28	<li>
29	<p>
30	When encrypting or decrypting the VM, the password is passed
31	in clear text using the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> API. This needs to be
32	kept in mind, especially when using third party API clients
33	which make use of the web service where the password might
34	be transmitted over the network. The use of HTTPS is
35	mandatory in such a case.
36	</p>
37	</li>
38	</ul>
39	</body>
40
41	</topic>

Note: See TracBrowser for help on using the repository browser.