alexs at advfn.com
Tue Oct 18 07:57:44 PDT 2005
On 18 Oct 2005, at 15:40, Casper Langemeijer wrote:
> Hi all!
> I plan on using memcached for a new project, but I've got one big
> thing to consider: security. This of course should be a big thing in
> software development anyway, but I work for a company that is ISO
> certified for security. For me it is an even bigger concern.
> 1. I've found no way of ensuring the data is read only by my
> I thought of:
> - encrypting the data I put into memcached, this I obviously dismissed
> because this would make caching too slow.
That really depends on which encryption system you use, and what
exactly *too* slow is?
> - using UNIX domain sockets (a socket file) to connect to memcached. This
> would enable me to use UNIX file permissions to 'secure' memcached a bit.
> I see no real pitfalls here, except that it limits me to use memcached
> only on the local machine, and I might want to use dedicated caching
> machines somewhere along the line...
You could simply enable iptables in your kernel, and lock down access
to that box to *only* client machines which you want to be able to
access it. Of course your whole setup should really be hidden inside
a private network anyway with only a single (or perhaps two for some
redundancy?) point of entry. If your memcached server resides on a
private network and your external access points are properly locked
down, then your main concerns should be buffer overflows and physical
attacks to your infrastructure.
I'm surprised there's nobody at your company who can help you with
this tbh, not that people here will refuse to offer advice though.
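
The iptables lock-down suggested in the reply above, as an added example that is not part of the original message: a shell function that emits an allowlist ruleset for the memcached port in `iptables-restore` format. The function name `memcached_rules`, the chain name `MEMCACHED` and the 10.0.0.x client addresses are assumptions made for illustration; 11211 is memcached's default port.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that lets only the listed
# client addresses reach memcached and drops everything else sent to the port.
# Assumptions: memcached listens on its default port 11211; the chain name
# MEMCACHED and the client addresses below are constructed placeholders.
MEMCACHED_PORT=11211

memcached_rules() {
    # Usage: memcached_rules CLIENT_IP_OR_CIDR [CLIENT_IP_OR_CIDR ...]
    if [ "$#" -eq 0 ]; then
        # An empty allowlist would silently cut off every client.
        echo "memcached_rules: no client addresses given" >&2
        return 1
    fi
    for ip in "$@"; do
        # Accept only digits, dots and a CIDR slash, so a typo or stray
        # shell metacharacter can never end up inside a firewall rule.
        case "$ip" in
            *[!0-9./]*|"") echo "memcached_rules: bad address: $ip" >&2
                           return 1 ;;
        esac
    done
    echo "*filter"
    echo ":MEMCACHED - [0:0]"
    # Send both TCP and UDP traffic for the port through the dedicated chain.
    for proto in tcp udp; do
        echo "-A INPUT -p $proto --dport $MEMCACHED_PORT -j MEMCACHED"
    done
    # One ACCEPT per permitted client, then a default DROP for the rest.
    for ip in "$@"; do
        echo "-A MEMCACHED -s $ip -j ACCEPT"
    done
    echo "-A MEMCACHED -j DROP"
    echo "COMMIT"
}

# Constructed sample: two web front-ends allowed to reach the cache box.
memcached_rules 10.0.0.5 10.0.0.6
```

The script only prints the ruleset; review the output and load it as root with `iptables-restore --noflush` so existing rules in the table are kept.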