Hello,<br><br><br>I'm planning to use memcached in a mass hosting environment. In general that would mean that any PHP user can access data that is stored in memcached, even if this memcached data is only for hosting platform use. The common usage of memcached is in a friendly environment, where you hold strings, application, network and other resources, and no user application is allowed.<br>I need to protect access to memcached. A firewall is not an option, hidden interfaces and private networks can be scanned, and other obscurity approaches are not an option.
<br><br>I've read the memcached list discussion on authentication. There are a few possibilities that I can think of:<br>a) Restrict memcached to accept connections from a TCP port that is less than 1024; that would be quite a fast solution, and it's based on the fact that you are the only one with a root account on the client side.
<br>b) encrypt and sign data (content) stored in memcached, so even if users get access to memcached they can't poison data, but they can exhaust memory :(<br>c) implement authentication (the exact way should be discussed)<br>
d) secure transport (includes authentication - already suggested on the list and done)<br>e) put some kind of TCP wrapper in front of memcached, and let the TCP wrapper handle authentication<br><br>Maybe someone already has a nice working solution?
<br><br>I've understood that authentication was proposed more than once, and it was rejected to protect memcached performance.<br>Someone sent a URL with encrypted memcached (TLS). It's easy to implement authentication as a private patch, but there is no sense
if it's not accepted as a patch in the main memcached code.<br><br>If using memcached in a not so friendly environment is not so frequent, then a private patch is the best scenario.<br>If this is not such a rare case of memcached usage, let's discuss authentication once again.
<br><br>What do you think?<br><br><br>Kind Regards<br><br>Milos<br>
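A sketch of the signing half of option (b), added here as an example and not part of the original message or of memcached itself: the platform wraps each value in an HMAC that also covers the cache key and an expiry time, so a tenant who can write to memcached cannot forge a value, copy a valid one to another key, or re-set an old one indefinitely. The function names, the blob layout and the dict standing in for memcached are assumptions. Encryption is left out, and memory exhaustion is not addressed, as the message notes.

```python
import hashlib
import hmac
import struct
import time

TAG_LEN = 32  # HMAC-SHA256 digest size


def _tag(secret: bytes, key: str, body: bytes) -> bytes:
    # Length-prefix the cache key so the key/body boundary is unambiguous.
    k = key.encode()
    msg = struct.pack(">I", len(k)) + k + body
    return hmac.new(secret, msg, hashlib.sha256).digest()


def seal(secret: bytes, key: str, value: bytes, ttl: int, now=None) -> bytes:
    """Build tag || expiry || value; the tag covers the key, expiry and value."""
    start = time.time() if now is None else now
    body = struct.pack(">Q", int(start) + ttl) + value
    return _tag(secret, key, body) + body


def unseal(secret: bytes, key: str, blob, now=None):
    """Return the value, or None if forged, copied from another key, or expired."""
    if blob is None or len(blob) < TAG_LEN + 8:
        return None
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(secret, key, body)):
        return None
    (expiry,) = struct.unpack(">Q", body[:8])
    if (time.time() if now is None else now) >= expiry:
        return None  # a replayed old value is rejected even if re-set with a long TTL
    return body[8:]


def demo():
    # Constructed sample: a dict stands in for the shared memcached instance.
    secret = b"platform-only-secret-(constructed)"
    cache = {"quota:alice": seal(secret, "quota:alice", b"100", ttl=60, now=1000)}
    cache["quota:bob"] = cache["quota:alice"]          # tenant copies a valid blob
    cache["quota:eve"] = cache["quota:alice"][:-1] + b"9"  # tenant edits the value
    return {k: unseal(secret, k, v, now=1010) for k, v in cache.items()}


if __name__ == "__main__":
    print(demo())
```

A `None` result should be treated by the platform as a cache miss and the value recomputed from its authoritative source.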