Last modified: 2013-06-01 14:47:47 UTC
Because web apps that don't make servers cry need memcached (or equivalent)
sounds good
biggest problem of memcached I see now is that it is totally insecure - foreign tool would be able to retrieve your own data and even modify them
Ah, hmm. Redis doesn't offer ACLs either. Perhaps offer Memcached / Redis, but with a warning about the security implications?
And strictly tell people to not use it for things like user sessions, etc, and to treat it as completely 'public'. We can even name the service / server something like that to keep reminding people...
memcache seems to support sasl. I created a new instance tools-mc and I will try to compile memcached sith sasl option there so we can play with it. Running mediawiki on tools without mc is horrid idea
http://code.google.com/p/memcached/wiki/SASLHowto :o
ok I installed memcache on tools-mc (listening on port 11211) it seems to work but authentication is rather complicated to pass since sasl only support binary protocol. I doubt that mediawiki in current version support memcached with sasl, but maybe it would be useful so someone go and implement it :P
https://github.com/ronnywang/PHPMemcacheSASL
it still has a lot of disadvantages probably it doesn't even create container per user, so authenticated user can actually access data of other users as well. Given how the protocol is simple, I will probably write own memcached server just for this purpose :>
An instance for every tool, perhaps?
ok per discussion we had I enabled the "hacked" memcache which has no stats command on tools-mc (port 11211) you can use it and test it :) the recommended way to secure your data is to generate some secret hash and prefix all keys with that, nobody will be able to list them without knowing the secret hash