Tim Churches wrote: >On Sun, 2004-03-07 at 08:42, Thomas Beale wrote: > > >>Client-side file caching is probably a security hole, but >>memory caching is safe enough. >> >> > >You are assuming that computers are turned off when they are not >attended or in use. Increasingly that is not the case, with low-power >workstations, laptops in suspend mode, and held-held PDAs. All that by > > actually, I was assuming that al EHR user sessions are killed after N minutes of inactivity, and all client-side resources let go.
>way of saying that much more attention now needs to be paid to the >security of client-side caches in general, including those held in >sometimes-but-not-always-volatile memory. In general, caches should be >held on encrypted filesystems, either on-disc or in-memory, with the >keys (or a key to the keys) to the encryption/decryption managed by a >daemon which purges the keys from memory when asked (eg locking the >device) or automatically after a short period of disuse. > > this sounds about right to me. - thomas - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
