1

I plan to use JCS or ehcache in Spring Cache and put this into a REST based webservice. The webservice will be distributed across at least two application servers. Because of this I plan to use a distributed cache. From my understanding this means the cache service needs to be accessible via the network. During the research I did I found nothing about securing the connection. So I fear that someone knowing that the cache service is running will be able to manipulate the data.

Can I and if yes how can I secure JCS or ehcache in a distributed cache configuration ?

Marged
  • 10,577
  • 10
  • 57
  • 99

1 Answers1

1

In the case of ehcache, if you want to go to a distributed cache with inter-node security then their commercial product BigMemory Max gives that functionality.

According to their documentation:

You can choose one of the following to secure servers:

SSL-based security – Provides certificate-based authentication for all nodes (including clients) and secures the entire cluster with encrypted connections. Can be used with role-based authorization. LDAP-based authentication – Uses your organization's authentication database to secure access to Terracotta servers.

Angular University
  • 42,341
  • 15
  • 74
  • 81
  • Thanks for that detailled link. Do you know of a possibility to secure the cache without going (and paying) for the enterprise edition ? – Marged Feb 08 '14 at 23:08
  • 1
    I think it's not possible with ehcache, the distributed and secured version is their commercial product. Have a look at http://memcached.org/ and this answer http://stackoverflow.com/questions/14029366/hibernate-ehcache-vs-memcache – Angular University Feb 10 '14 at 15:10