password protection

Casper Langemeijer casper at bcx.nl
Tue Oct 18 07:40:05 PDT 2005


Hi all!

I plan on using memcached for a new project, but I've got one big 
thing to consider: security. This, of course, should be a big thing in 
software development anyway, but I work for a company that is ISO 
certified for security. For me it is an even bigger concern.

1. I've found no way of ensuring the data is read only by my application.

I thought of:

- encrypting the data I put into memcached; this I obviously dismissed 
because this would make caching too slow.
- using UNIX domain sockets (a socket file) to connect to memcached. This 
would enable me to use UNIX file permissions to 'secure' memcached a bit. 
I see no real pitfalls here, except that it limits me to using memcached 
only on the local machine, and I might want to use dedicated caching 
machines somewhere along the line...

Is there a plan to add some form of password protection to memcached? 

As there probably isn't, what is the best way to go for me? The only 
thing I can think of is to add this feature to memcached myself, something 
I am very well willing to do. Are there other people around here that have 
some idea of how to implement a thing like this?
If I'm going to add a feature, I like to make it more generally usable and 
someone else might benefit from my work...


Finally, I wonder if one of you can make some statement about this 
daemon's security? I would never run this daemon on a publicly accessible 
port, that's obvious, but what about buffer overflow risks and such?


Thanks for your time,

Casper Langemeijer
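
The UNIX-domain-socket idea from the message above, as an added example that is not part of the original post and does not use memcached itself: it binds a socket file, then audits whether file ownership and mode really limit who can connect. The path `cache.sock` and the helpers `bind_socket` and `audit_socket` are hypothetical names; the socket sits in a private 0700 directory because some systems ignore the mode of the socket file itself.

```python
import os
import socket
import stat
import tempfile

def bind_socket(path, mode):
    """Bind a listening UNIX stream socket and set its file mode."""
    old = os.umask(0o177)              # never expose the file between bind() and chmod()
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)
    srv.listen(1)
    return srv

def audit_socket(path, expected_uid):
    """Return findings; an empty list means only expected_uid can connect."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["%s is not a socket" % path]
    if st.st_uid != expected_uid:
        findings.append("socket owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("socket mode %04o lets group/other connect" % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    writable = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory lets others replace the socket")
    return findings

def demo():
    """Audit one constructed socket path with a weak and a strict mode."""
    workdir = tempfile.mkdtemp()       # constructed location, created 0700
    path = os.path.join(workdir, "cache.sock")
    srv = bind_socket(path, 0o666)     # weak: any local user may connect
    weak = audit_socket(path, os.getuid())
    os.chmod(path, 0o600)              # strict: owner only
    strict = audit_socket(path, os.getuid())
    srv.close()
    os.unlink(path)
    os.rmdir(workdir)
    return weak, strict

if __name__ == "__main__":
    for label, result in zip(("0666", "0600"), demo()):
        print(label, result or "ok")
```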

