Page/Swap File and in-memory security considerations

**jonnytabpni** · 12-27-2009, 01:27 PM

Hi Folks,

I'm developing a client/server solution based on the cajo framework (Which uses RMI).

My java client will be receiving hashmaps from the server, which will contain confidential information. The results can be large and I've seen the JVM process memory size in windows task manager raise by 10 - 20MB (There's a lot of data!).

Should I be concerned about the way windows deals with virtual memory/paging on the client machine? Or am I just being overly paranoid? Would this potential paging issue also happen in applications that are web based?

Any advice is very much appreciated.

Thanks

Jonny

**AndreB** · 12-27-2009, 01:47 PM

Aehm, sorry, what is your concern again?

Are you afraid of how the client OS handling the memory? And that your confidential data is written to the swap ?

**jonnytabpni** · 12-27-2009, 02:01 PM

Hi AndreB,

Yes, that pretty much sums up my concerns.

Thanks

**AndreB** · 12-27-2009, 05:21 PM

You cant control how the os handling the memory. So there is a propability that it will write some data to the swap.

But why dont you encrypt your data ? Just "store" the encrypted data in memory and if you require access then decrpyt the needed part on the fly.

**jonnytabpni** · 12-27-2009, 05:55 PM

Encryption isn't an issue really.

When you encrypt something, then it gets "decrypted-on-the-fly", the unencrypted data goes into memory.

I'm just trying to figure out if in industry, memory and/or paging issues are taken seriously. This is my first major project I am doing, and I just want to do it right.

Take a bank for example, their employees will access private data on their computer screens, which will go into their desktop PC's RAM/pagefile. Does bank IT admin guys do anything about this?

And, are java applications more "at-risk", due to their large memory footprint, compared to a web page for example.

Thanks