1

well caching is a perfect way to speed up access to data which are public ( all users of website ) and frequently used. but what about data that are supposed to be accessed by a specific role ( e.g just Administrators ) .

is this sort of caching safe ? is there any security related actions to do when using Data caching ?

mohsen dorparasti
  • 8,107
  • 7
  • 41
  • 61
  • It depends on you business logic, fetching and displaying data from database/cache will be upto you logic. So you may create some area which can only be accessed by authenticated users. Then show you data from cache. Use cache only for those data which is frequent, and used by all the users. That will increase performance. –  Sep 19 '12 at 06:11
  • http://msdn.microsoft.com/en-us/library/hh404101.aspx check to how much data is useful to provide over client side ! – Viral Shah Sep 19 '12 at 06:12

1 Answers1

2

The security issues for accessing sensitive data from the Cache are exactly the same as those when accessing sensitive data from any other source, e.g. a database.

You just need to implement the appropriate authorization before exposing it to the user.

Joe
  • 122,218
  • 32
  • 205
  • 338
  • good point , that's what I've done . I just wonder if is it safe to keep non-public data in memory for a while ? – mohsen dorparasti Sep 19 '12 at 06:28
  • If someone can get at the contents of your server memory, you're hacked, and they'll probably be able to get at your data wherever it is: database, in-memory cache or wherever. So yes, I'd say it's safe to keep it in memory for a while. – Joe Sep 19 '12 at 08:07