casper at bcx.nl
Tue Oct 18 07:40:05 PDT 2005
I plan on using memcached for a new project, but I've got one big
thing to consider: security. This of course should be a big thing in
software development anyway, but I work for a company that is ISO
certified for security. For me it is an even bigger concern.
1. I've found no way of ensuring the data is read only by my application.
I thought of:
- encrypting the data I put into memcached, this I obviously dismissed
because this would make caching too slow.
- using UNIX domain sockets (a socket file) to connect to memcached. This
would enable me to use UNIX file permissions to 'secure' memcached a bit.
I see no real pitfalls here, except that it limits me to use memcached
only on the local machine, and I might want to use dedicated caching
machines somewhere along the line...
Is there a plan to add some form of password protection to memcached?
As there probably isn't, what is the best way to go for me? The only
thing I can think of is to add this feature to memcached myself, something
I am very well willing to do. Are there other people around here that have
some idea of how to implement a thing like this?
If I'm going to add a feature, I like to make it more generally usable and
someone else might benefit from my work...
Finally, I wonder if someone of you can make some statement about this
daemon's security? I would never run this daemon on a publicly accessible
port that's obvious, but what about buffer overflow risks and the such?
Thanks for your time,
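
The UNIX-socket option raised in the message depends on the socket file and its directory having tight permissions; some systems ignore the mode of the socket file itself, so the directory matters as well. The following is an added example, not part of the original post, of a client-side check run before connecting. The `check_socket_path` helper, the socket path and the listener standing in for memcached are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def check_socket_path(path, expected_uid):
    """Return a list of problems with a UNIX-socket path; empty means OK."""
    problems = []
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        problems.append("not a socket")
    if st.st_uid != expected_uid:
        problems.append("unexpected owner")
    # Any r/w/x bit for 'other' lets every local user reach the cache.
    if st.st_mode & stat.S_IRWXO:
        problems.append("socket accessible to 'other'")
    # A world-writable directory without the sticky bit lets another user
    # replace the socket file with one of their own.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        problems.append("parent directory world-writable")
    return problems


def demo():
    """Constructed scenario: a listener standing in for memcached."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        path = os.path.join(d, "memcached.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        try:
            os.chmod(path, 0o660)  # owner and group only
            good = check_socket_path(path, os.getuid())
            os.chmod(path, 0o666)  # weak setting: any local user
            bad = check_socket_path(path, os.getuid())
        finally:
            srv.close()
    return good, bad


if __name__ == "__main__":
    print(demo())
```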