WebApp Sec mailing list archives
Re: Encrypting Cached data
From: Georgi Alexandrov <georgi.alexandrov () gmail com>
Date: Mon, 05 Dec 2005 13:25:34 +0200
Yousef Syed wrote:
Hi, Is it possible to encrypt data stored in the cache of a Web Server or Application server? We'd like to use caching for performance reasons, but don't want secure data to be viewable if the server is compromised. What is the best way to do this? Thanx, ys -- Yousef Syed "One senior official said the consultancy "doesn't have the greatest of reputations among civil servants. They come and state the bleeding obvious using Powerpoint"."
Actually i don't think you have a problem at all.99.9% of the secure/sensitive web data these days is transfered via https (SSL/TLS). E.g. usernames and passwords, credit card information, etc. Proxy/cache servers don't cache SSL/TLS data because it's useless. They cache only the non-encrypted content.
regards, Georgi Alexandrov
Current thread:
- Encrypting Cached data Yousef Syed (Dec 01)
- Re: Encrypting Cached data Olaf Reitmaier (Dec 02)
- Re: Encrypting Cached data Georgi Alexandrov (Dec 05)
- <Possible follow-ups>
- RE: Encrypting Cached data Ig Vermaak (Dec 01)
- RE: Encrypting Cached data Hudel, Chris (Dec 05)
- Re: Encrypting Cached data Yousef Syed (Dec 06)
- Re: Encrypting Cached data Georgi Alexandrov (Dec 06)