question about using memcached for shared web hosting

Troy Davisson troy.davisson at gmail.com
Tue Dec 18 05:26:59 UTC 2007


Hans,

Hard to talk about security and memcached at the same time, it seems.
Memcached itself has no authentication, so as long as someone can
connect to the port, they can access memcached content.  The most
common way to lock memcached down seems to be running it on an
internal network (completely blocked from the outside) or using a
firewall (allowing very limited access from the outside).

Running multiple daemons on different ports would keep users from
having problems when they're using the same memcached keys but that's
about it.  Any session information being saved within memcached would
be accessible to at least the other users on the server.

If someone else knows of a different trick to make something like that
work, I'd love to hear it and will stand corrected.

Good luck!

Troy


On Dec 18, 2007 12:07 AM, krystian <krystian at mtiglobal.com> wrote:
>
> John wrote:
> > Hi Hans,
> >
> > You can specify the following directives in your php.ini:
> >
> > session.save_handler = memcache
> > session.save_path = "http://localhost:11211"
> >
> > To test if your current version of php/pecl-memcached supports sessions,
> > do a var_dump(MEMCACHE_HAVE_SESSION); if it is 1 then you are good to go,
> > otherwise you may need to upgrade php/pecl-memcached.
> >
> > Regards,
> > John
> >
> > Krystian wrote:
> >> Hi!
> >> I'm looking for cache software which I can use on load-balanced web
> >> servers (especially for PHP sessions).
> >> I'd like to know if it is possible to use memcached in a transparent
> >> way, so users don't need to rewrite code and the server just creates
> >> sessions in memcached. Also, I'd like to know if it is possible to create
> >> different caches per user (for security, each user gets his own
> >> session path).
> >>
> >> Regards,
> >> Hans
> >
>
> Thanks for the answer, but I still have doubts.
> For security my present config is:
> client1:
> session.save_path=/client1_path/tmp
> client2:
> session.save_path=/client2_path/tmp
> etc.
> So customers cannot access each other's sessions.
>
> Should I direct all clients to one memcache (localhost:11211)? Is it safe?
> Or should I run memcache daemons on a few ports so that each client gets his
> own port (client1=localhost:11211, client2=localhost:11212, etc.)?
>
> Regards,
> Hans
>
>
>
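
An added example (not part of the original thread and not memcached's own code): a small audit that applies the reasoning in the reply above to a port-per-client layout, reporting who can reach each daemon and whether two clients ended up on the same port. The client names and command lines are constructed, and it assumes `-l` and `-p` are passed as separate arguments with a single IP literal.

```python
import ipaddress
import shlex

# Constructed sample: one memcached command line per hosting customer,
# following the port-per-client layout asked about in the thread.
SAMPLE_DAEMONS = {
    "client1": "memcached -d -u nobody -m 64 -l 127.0.0.1 -p 11211",
    "client2": "memcached -d -u nobody -m 64 -p 11212",
    "client3": "memcached -d -u nobody -m 64 -l 10.0.0.5 -p 11213",
}

def parse_listener(cmdline):
    """Return (listen_address, tcp_port) from a memcached command line."""
    args = shlex.split(cmdline)
    addr, port = "0.0.0.0", 11211  # no -l means all interfaces; default port 11211
    for i, arg in enumerate(args[:-1]):
        if arg == "-l":
            addr = args[i + 1]
        elif arg == "-p":
            port = int(args[i + 1])
    return addr, port

def exposure(addr):
    """Classify who can reach the listener; there is no authentication behind it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "local-users"       # every account on this host can still connect
    if ip.is_unspecified:
        return "all-interfaces"    # reachable from outside unless firewalled
    if ip.is_private:
        return "internal-network"  # any host on that network, plus local users
    return "public-address"

def audit(daemons):
    """Per client: listener, exposure class, and any earlier client on the same port."""
    report, ports = {}, {}
    for tenant, cmdline in daemons.items():
        addr, port = parse_listener(cmdline)
        report[tenant] = {"addr": addr, "port": port,
                          "exposure": exposure(addr),
                          "port_clash": ports.get(port)}
        ports.setdefault(port, tenant)
    return report

if __name__ == "__main__":
    for tenant, row in audit(SAMPLE_DAEMONS).items():
        print(tenant, row)
```

Even the best result here, `local-users`, means every account on the shared host can read that daemon's keys; separate ports only prevent key collisions.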

