WebApp Sec mailing list archives

RE: Encrypting Cached data

From: "Ig Vermaak" <Ig.Vermaak () namitech com>
Date: Fri, 2 Dec 2005 08:40:25 +0200

Hi Yousef,

Have you considered Hardware Security Modules? This will not only take
care of the "key in cache" problem - but also greatly enhance the
transaction speed. If you want more info mail me :)

Regards
Ig Vermaak


-----Original Message-----
From: Yousef Syed [mailto:yousef.syed () gmail com] 
Sent: 01 December 2005 09:20 PM
To: Web Application Security
Subject: Encrypting Cached data

Hi,
Is it possible to encrypt data stored in the cache of a Web Server or
Application server?

We'd like to use caching for performance reasons, but don't want
secure data to be viewable if the server is compromised.

What is the best way to do this?

Thanx,
ys

--
Yousef Syed
"One senior official said the consultancy "doesn't have the greatest
of reputations among civil servants. They come and state the bleeding
obvious using Powerpoint"."

Current thread:

Encrypting Cached data Yousef Syed (Dec 01)
- Re: Encrypting Cached data Olaf Reitmaier (Dec 02)
- Re: Encrypting Cached data Georgi Alexandrov (Dec 05)
- <Possible follow-ups>
- RE: Encrypting Cached data Ig Vermaak (Dec 01)
- RE: Encrypting Cached data Hudel, Chris (Dec 05)
  - Re: Encrypting Cached data Yousef Syed (Dec 06)
  - Re: Encrypting Cached data Georgi Alexandrov (Dec 06)