question about using memcached for shared web hosting

mike mike503 at gmail.com
Tue Dec 18 05:29:35 UTC 2007


instead of using memcached as the save handler in php, why not just
make your own functions that use your own memcached calls?

seems like it achieves the same result, and doesn't require session
support in the module either. it's just generic cache access. right?

On 12/17/07, Troy Davisson <troy.davisson at gmail.com> wrote:
> Hans,
>
> Hard to talk about security and memcached at the same time it seems.
> Memcached itself has no authentication so as long as someone can
> connect to the port, they can access memcached content.  The most
> common way to lock memcached down seems to be running it on an
> internal network (completely blocked from the outside) or using a
> firewall (allowing very limited access from the outside).
>
> Running multiple daemons on different ports would keep users from
> having problems when they're using the same memcached keys but that's
> about it.  Any session information being saved within memcached would
> be accessible to at least the other users on the server.
>
> If someone else knows of a different trick to make something like that
> work, I'd love to hear it and will stand corrected.
>
> Good luck!
>
> Troy
>
>
> On Dec 18, 2007 12:07 AM, krystian <krystian at mtiglobal.com> wrote:
> >
> > John wrote:
> > > Hi Hans,
> > >
> > > You can specify the following directives in your php.ini:
> > >
> > > session.save_handler = memcache
> > > session.save_path = "http://localhost:11211"
> > >
> > > To test if your current version of php/pecl-memcached supports session
> > > do a var_dump(MEMCACHE_HAVE_SESSION), if 1 then you are good to go,
> > > otherwise you may need to upgrade php/pecl-memcached.
> > >
> > > Regards,
> > > John
> > >
> > > Krystian wrote:
> > >> Hi!
> > >> I'm looking for cache software which I can use in Load Balancing web
> > >> servers (especially php sessions).
> > >> I'd like to know if it is possible to use memcached in transparent
> > >> way. So users don't need rewrite code, just server create sessions in
> > >> memcached. Also I'd like to know if it is possible to create
> > >> different caches per user (for security each user gets his own
> > >> session path).
> > >>
> > >> Regards,
> > >> Hans
> > >
> >
> > Thanks for answer, but still I have doubt.
> > For security my present config is:
> > client1:
> > session.save_path=/client1_path/tmp
> > client2:
> > session.save_path=/client2_path/tmp
> > etc.
> > So customers cannot access each other sessions.
> >
> > Should I direct all clients to one memcache (localhost:11211)? Is it safe?
> > Or should I run memcache daemons on few ports and each client gets his
> > own port (client1=localhost:11211, client2=localhost: 11212 etc) ?
> >
> > Regards,
> > Hans
> >
> >
> >
>


More information about the memcached mailing list