On Sun, 2004-03-07 at 08:42, Thomas Beale wrote: > Client-side file caching is probably a security hole, but > memory caching is safe enough.
You are assuming that computers are turned off when they are not attended or in use. Increasingly that is not the case, with low-power workstations, laptops in suspend mode, and held-held PDAs. All that by way of saying that much more attention now needs to be paid to the security of client-side caches in general, including those held in sometimes-but-not-always-volatile memory. In general, caches should be held on encrypted filesystems, either on-disc or in-memory, with the keys (or a key to the keys) to the encryption/decryption managed by a daemon which purges the keys from memory when asked (eg locking the device) or automatically after a short period of disuse. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.openehr.org/mailman/private/openehr-technical_lists.openehr.org/attachments/20040307/9c7bce9e/attachment.asc>
