Forum OpenACS Q&A: Response to Running from Memory?
There's been some observation (claim?) that it's difficult to truly erase data quickly from a hard drive (an extensive article was written by an Australian... I'll add a link to his article when I find it)--some observe that it can be easier to erase things stored in the RAM disk (just trigger a helper routine in the RAM disk driver to wipe the memory should the intrusion alarm go off?). There are uncertainties to this claim because it is hard to tell:
- 1) whether an operating system halt or core dump will actually trigger the emergency erasure routine or bypass it accidentally;
- 2) whether you've installed a subverted/subvertible operating system+software+driver;
- 3) whether your intrusion alarms are any good;
- 4) and whether the electrical properties of RAM-stored data really disappear quickly enough (or at all) after power off (this one was talked about extensively by the Australian paper).
- 5) and goodness knows what else...
But as you know, a RAM disk is only as good as the
- 1) cohost's power supply and operational environment;
- 2) the hardware's reliability,
- 3) operating system's stability,
- 4) and goodness knows what else...
The permanence and safety of the data demand that there be no weak link in the chain--anywhere. The best suggestion so far is to replicate the SQL updates to a remote mirror database over an encrypted virtual private network. This setup was talked about by the CIO of HavenCo in a June-July '00 Slashdot interview (you can read it by searching the keyword HavenCo... the search query box for Slashdot is hidden at the bottom of the page, by the way).