Forum OpenACS Q&A: Response to Running from Memory?

Posted by Li-fan Chen on
The other major reason for using a ram disk to store structured data "permanently" I have read about is for security purposes.

There's been some observation (claim?) that it's difficult to truly erase data quickly from a hard drive (an extensive article was written by an Australian; I'll add a link to his article when I find it)--some observe that it can be easier to erase things stored in the ram disk (just trigger a helper routine in the ram disk driver to wipe the memory should the intrusion alarm go off?). There are uncertainties to this claim because it is hard to tell:

  • 1) whether an operating system halt or core dump will actually trigger the emergency erasure routine or bypass it accidentally;
  • 2) whether you've installed a subverted/subvertible operating system+software+driver;
  • 3) whether your intrusion alarms are any good;
  • 4) and whether the electrical properties of ram-stored data really disappear quickly enough (or at all) after power off (this one was talked about extensively by the Australian paper).
  • 5) and goodness knows what else...

But as you know a ram disk is only as good as the

  • 1) cohost's power supply and operational environment;
  • 2) the hardware's reliability,
  • 3) operating system's stability,
  • 4) and goodness knows what else...

The permanence and safety of the data demand that there be no weak link in the chain--anywhere. The best suggestion so far is to replicate the SQL updates to a remote mirror database over an encrypted virtual private network. This setup was talked about by the CIO of HavenCo in a June-July '00 Slashdot interview (you can read it by searching the keyword HavenCo; the search query box for Slashdot is hidden at the bottom of the page, by the way).