2

We want to cache, using Ehcache, sensitive data that should never be stored to disk (data can only reside in main memory). It is the kind of data that is illegal for it to be stored on disk at all and therefore needs to be treated with a certain caution.

We are already using Ehcache (both with and without terracotta) for common caching purposes.

I know that Ehcache provides the option to cache on both to main memory and to disk, and additionally it allows to overflowtodisk when using main memory.

I am new to Ehcache, and would like to know of how to configure Ehcache so as to guarantee that this particular cache never touches the disk. (we are currently mostly using default configuration) Additionally it would be nice to have a way to confirm where data is being stored once we have the implementation running (to confirm that no data is not stored the disk).

halfer
  • 19,824
  • 17
  • 99
  • 186
stikku
  • 536
  • 7
  • 27
  • Would a RAM disk help here? I don't know Ehcache, but perhaps a portion of it can be backed by temporary storage? – halfer Dec 17 '14 at 17:27
  • This is not a question of performance or hardware. We are require to only store data in a volatile manner, given our hardware, that happens to be RAM, aka main memory. Question is specifically to Ehcache configuration. Also thanks for fixing my English, not my first language :P – stikku Dec 17 '14 at 17:55
  • OK, so can you answer my question? If Ehcache can be pointed to a physical disk, then surely it can be configured to run on a RAM disk? Would it be acceptable for the whole of Ehcache to be backed by volatile storage in your case? – halfer Dec 17 '14 at 17:57
  • Well we only want one of the caches manages by Ehcache to be pointed exclusively to RAM, the rest would ideally be on RAM (for performance) but would allow for disk overflow. – stikku Dec 17 '14 at 18:04
  • Does the manual say anything here? If it does not, can you run two instances of Ehcache? – halfer Dec 17 '14 at 18:32

2 Answers2

2

At the cache level:

The legacy overflowToDisk configuration setting is false by default. The modern persistence element, if absent, defaults to none. In both these cases, the cache configured will not have a disk tier and so will not write any entries to disk.

If the same cache manager hosts disk backed caches, it will be creating files in the configured folder - or java.io.tmpdir - which will have the cache name in their path. As this name is encoded to be used in path, it may not be easy to match, but you will be able to assess that your cache without a disk backend does not have any files created in this structure.

Louis Jacomet
  • 13,661
  • 2
  • 34
  • 43
2

As far as I know, persistence to disk has to be explicitely enabled. See the documentation here. If you haven't already added such configuration, I doubt things are getting stored to disk by default. Check your ehcache config, do you see anything related to persistence or CacheWriter attachments to your caches?

I would have said that once your service is running, you can obtain the cache configurations via JMX to check whether there is disk persistence and, if yes, where it is persisting. You can enable JMX this way and can check for yourself:

CacheManager cm = net.sf.ehcache.CacheManager.getInstance();
MBeanServer mbs = java.lang.management.ManagementFactory.getPlatformMBeanServer();
net.sf.ehcache.management.ManagementService.registerMBeans(cm, mbs, true, true, true, true, true);

For example, the bean net.sf.cache/CacheConfiguration/CacheManager/cache/DiskPersistent tells you whether disk persistence is enabled or not. However, persistence can be done via CacheWriter as well. To find this out, you cannot use JConsole, but you have to programmatically attach to the MBeanServer and obtain the attribute net.sf.ehcache/Cache/CacheManager/cache/CacheConfiguration. This will return a net.sf.ehcache.management.CacheConfiguration instance which should tell you about the registered CacheWriter, and hopefully the config it is using. (I haven't tried this myself.)

Also, if data confidentiality is very important to you, then you should also consider encrypting your data (in cache, and over the wire.)

omerkudat
  • 9,371
  • 4
  • 33
  • 42