Thank you for taking the time to write about performance, which is typically not given enough attention during application development. I wish there were a section on patterns for securing application cached data. Do you have any insights into application security features in Java 8?
Security would be worth a whole book by itself. The book doesn't deal directly with cached data security, but it gives some hints on why to use a remote or local cache, which is the main concern in terms of security.
There is no portable security across a cluster in JavaEE (this is vendor-specific), and it is a bit outside the book's scope, which is more about ensuring it works as expected and that you don't get surprises when adding a cache.
The security topic is interesting because you have all extremes:
- You need to use char rather than String for sensitive data so that you can erase it (set all items to 0) once used
- You don't need security except for incoming requests
Concretely, on a Java platform - and actually any computer platform today - you can access the whole memory, so if you want to hack the volatile data you can, and avoiding storing sensitive data for a long time is valuable. However, if you assume somebody can do that, you also have to assume he can do anything he wants, including handling your response the way he wants. I'm not saying it is easy, but it is at the same level of intrusion.
The only way to protect yourself is to use a security manager, which will limit a lot what somebody can do inside (or not) your JVM, but it also slows down the application so much that today almost nobody is using it in production.
Personally I tend to ensure the outbounds of my application are really secured:
- HTTP has security
- JMS doesn't use Java serialization or equivalent (see the 0-day vulnerability) and the connection is secured
- if using a local file, ensure it is signed or so, etc.
Going deeper into security - for instance using some crypto for locally cached data - would be overkill, which can lead to caching not being worth it at all, and is not really useful from a security perspective, since if you need to be able to decrypt it, an attacker able to access the cache would be able to do it as well.
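
The first bullet in the answer above (char rather than String, zeroed once used), as an added Java example that is not from the book or its author. The class and method names, the sample password, the salt and the iteration count are constructed for illustration; in real use the array would come from something like `Console.readPassword()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeAfterUse {

    // Derives a PBKDF2 verifier. PBEKeySpec keeps its own copy of the
    // characters, so that copy has to be cleared too.
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 10_000, 256); // demo iteration count
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Checks the password, then overwrites the caller's array whatever the
    // outcome (match, mismatch or exception). A String could not be erased
    // this way: it is immutable and stays on the heap until collected.
    static boolean verifyAndWipe(char[] password, byte[] salt, byte[] expected)
            throws GeneralSecurityException {
        byte[] candidate = null;
        try {
            candidate = derive(password, salt);
            return MessageDigest.isEqual(candidate, expected); // constant-time compare
        } finally {
            Arrays.fill(password, '\0');
            if (candidate != null) {
                Arrays.fill(candidate, (byte) 0);
            }
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample data; the literal below exists only to set up the demo.
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        byte[] expected = derive("s3cret-sample".toCharArray(), salt);

        char[] typed = {'s', '3', 'c', 'r', 'e', 't', '-', 's', 'a', 'm', 'p', 'l', 'e'};
        System.out.println("match: " + verifyAndWipe(typed, salt, expected));
        System.out.println("wiped: " + Arrays.equals(typed, new char[typed.length]));
    }
}
```

This shortens how long the secret stays readable in the heap; as the answer notes, it does not stop someone who can already read the whole process memory at the moment of use.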