Ehcache avoid storing sensitive data to disk?

Question

We want to cache, using Ehcache, sensitive data that should never be stored to disk (data can only reside in main memory). It is the kind of data that is illegal for it to be stored on disk at all and therefore needs to be treated with a certain caution.

We are already using Ehcache (both with and without terracotta) for common caching purposes.

I know that Ehcache provides the option to cache on both to main memory and to disk, and additionally it allows to overflowtodisk when using main memory.

I am new to Ehcache, and would like to know of how to configure Ehcache so as to guarantee that this particular cache never touches the disk. (we are currently mostly using default configuration) Additionally it would be nice to have a way to confirm where data is being stored once we have the implementation running (to confirm that no data is not stored the disk).

Answer 1

As far as I know, persistence to disk has to be explicitely enabled. See the documentation here. If you haven't already added such configuration, I doubt things are getting stored to disk by default. Check your ehcache config, do you see anything related to persistence or CacheWriter attachments to your caches?

I would have said that once your service is running, you can obtain the cache configurations via JMX to check whether there is disk persistence and, if yes, where it is persisting. You can enable JMX this way and can check for yourself:

CacheManager cm = net.sf.ehcache.CacheManager.getInstance();
MBeanServer mbs = java.lang.management.ManagementFactory.getPlatformMBeanServer();
net.sf.ehcache.management.ManagementService.registerMBeans(cm, mbs, true, true, true, true, true);

For example, the bean net.sf.cache/CacheConfiguration/CacheManager/cache/DiskPersistent tells you whether disk persistence is enabled or not. However, persistence can be done via CacheWriter as well. To find this out, you cannot use JConsole, but you have to programmatically attach to the MBeanServer and obtain the attribute net.sf.ehcache/Cache/CacheManager/cache/CacheConfiguration. This will return a net.sf.ehcache.management.CacheConfiguration instance which should tell you about the registered CacheWriter, and hopefully the config it is using. (I haven't tried this myself.)

Also, if data confidentiality is very important to you, then you should also consider encrypting your data (in cache, and over the wire.)

Answer 2

At the cache level:

The legacy overflowToDisk configuration setting is false by default. The modern persistence element, if absent, defaults to none. In both these cases, the cache configured will not have a disk tier and so will not write any entries to disk.

If the same cache manager hosts disk backed caches, it will be creating files in the configured folder - or java.io.tmpdir - which will have the cache name in their path. As this name is encoded to be used in path, it may not be easy to match, but you will be able to assess that your cache without a disk backend does not have any files created in this structure.