>> Hello All,
>>
>> Is anyone aware of a way to store encrypted sensitive data in RAM for
>> access via a web application using ASP? It would be posted in the
>> same manner. Is storing in RAM preferable to using an encrypted
>> database, in this case SQL 2000?
>> Is there any way to securely delete or time out the data after a
>> certain period of time?
>> If you discard the data are there potential problems with California
>> SB 1386 and being able to track intrusions and possible data
>> compromise?
>>
>> I'm not a developer, but want a better solution than what the
>> developers and client have proposed.
>
Storing data in RAM presents some issues. First, if you need to save
the data for reuse long term, then it must be backed up on some type of
media like a DVD or hard disk. When the power goes out, you lose the
data if it's in RAM. Second, if you are trying to prevent it from being
accessible to attack, then memory storage is no guarantee. You must
have a data structure to store the data, and therefore it can be
obtained by attacking your app just as someone could attack a SQL
server. Anything in memory is still accessible to someone who gets
access to the box via webserver vulnerabilities, OS vulnerabilities,
etc. It doesn't really save you much. Third, you are limited to x
number of connections based on the amount of RAM and size of the
session you wish to store. Granted, other factors limit the number of
concurrent users, like bandwidth, etc.
Lucas Holt
Luke_at_FoolishGames.com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)
Received on Jul 06 2004
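
An added example, not part of the original thread: a sketch in Python (rather than ASP) of the timeout the question asks about, together with the reply's points that live data stays readable inside the process and that RAM caps the number of sessions. The class name, parameters and sample value are hypothetical.

```python
import time


class ExpiringSecretStore:
    """In-memory store: entries expire after a TTL and are overwritten on removal."""

    def __init__(self, ttl_seconds, max_entries, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_entries = max_entries  # RAM is finite, so cap concurrent sessions
        self.clock = clock              # injectable so expiry can be tested
        self._items = {}                # session_id -> (expiry_time, bytearray)

    def put(self, session_id, secret):
        self.purge_expired()
        if session_id not in self._items and len(self._items) >= self.max_entries:
            raise MemoryError("session capacity reached")
        self.discard(session_id)        # wipe any previous value for this session
        self._items[session_id] = (self.clock() + self.ttl, bytearray(secret))

    def get(self, session_id):
        # While an entry is live, any code running in this process can read it.
        self.purge_expired()
        entry = self._items.get(session_id)
        return bytes(entry[1]) if entry else None

    def discard(self, session_id):
        entry = self._items.pop(session_id, None)
        if entry is None:
            return False
        buf = entry[1]
        # Overwrite in place. Best effort only: copies made elsewhere
        # (request buffers, values returned by get) are not reached.
        buf[:] = bytes(len(buf))
        return True

    def purge_expired(self):
        now = self.clock()
        expired = [k for k, (exp, _) in self._items.items() if exp <= now]
        for key in expired:
            self.discard(key)
        return len(expired)


if __name__ == "__main__":
    store = ExpiringSecretStore(ttl_seconds=1, max_entries=100)
    store.put("session-1", b"constructed-sample-value")
    print(store.get("session-1"))  # readable while live
    time.sleep(1.1)
    print(store.get("session-1"))  # expired and overwritten
```
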