Last modified: 2013-06-01 14:47:47 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T51036, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 49036 - Add a memcached pool
Add a memcached pool
Status: RESOLVED FIXED
Product: Wikimedia Labs
Classification: Unclassified
tools (Other open bugs)
unspecified
All All
: High enhancement
: ---
Assigned To: Peter Bena
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-01 05:59 UTC by Yuvi Panda
Modified: 2013-06-01 14:47 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Yuvi Panda 2013-06-01 05:59:52 UTC 
Because web apps that don't make servers cry need memcached (or equivalent)
Comment 1 Peter Bena 2013-06-01 07:14:58 UTC 
sounds good
Comment 2 Peter Bena 2013-06-01 07:16:26 UTC 
biggest problem of memcached I see now is that it is totally insecure - foreign tool would be able to retrieve your own data and even modify them
Comment 3 Yuvi Panda 2013-06-01 07:19:03 UTC 
Ah, hmm. Redis doesn't offer ACLs either. Perhaps offer Memcached / Redis, but with a warning about the security implications?
Comment 4 Yuvi Panda 2013-06-01 07:49:55 UTC 
And strictly tell people to not use it for things like user sessions, etc, and to treat it as completely 'public'. We can even name the service / server something like that to keep reminding people...
Comment 5 Peter Bena 2013-06-01 10:48:17 UTC 
memcache seems to support sasl. I created a new instance tools-mc and I will try to compile memcached sith sasl option there so we can play with it. Running mediawiki on tools without mc is horrid idea
Comment 6 Peter Bena 2013-06-01 10:48:54 UTC 
http://code.google.com/p/memcached/wiki/SASLHowto :o
Comment 7 Peter Bena 2013-06-01 11:48:51 UTC 
ok I installed memcache on tools-mc (listening on port 11211) it seems to work but authentication is rather complicated to pass since sasl only support binary protocol. I doubt that mediawiki in current version support memcached with sasl, but maybe it would be useful so someone go and implement it :P
Comment 8 Peter Bena 2013-06-01 11:55:38 UTC 
https://github.com/ronnywang/PHPMemcacheSASL
Comment 9 Peter Bena 2013-06-01 12:06:10 UTC 
it still has a lot of disadvantages probably it doesn't even create container per user, so authenticated user can actually access data of other users as well. Given how the protocol is simple, I will probably write own memcached server just for this purpose :>
Comment 10 Yuvi Panda 2013-06-01 12:27:01 UTC 
An instance for every tool, perhaps?
Comment 11 Peter Bena 2013-06-01 14:47:47 UTC 
ok per discussion we had I enabled the "hacked" memcache which has no stats command on tools-mc (port 11211) you can use it and test it :) the recommended way to secure your data is to generate some secret hash and prefix all keys with that, nobody will be able to list them without knowing the secret hash
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links