I disagree with employing native IP filtering within the memcached server.
If your environment utilizes multiple datacenters, it's probably best to
manage access control lists at the physical network layer (e.g., your
ingress router). Otherwise, on Linux, iptables exists for host kernel-level
IP restriction. If it's absolutely necessary to become an application-based
restriction, work should be done to incorporate TCP Wrappers on the Linux
builds. To encrypt cross-datacenter traffic, you can employ out-of-the-box
IPsec tunneling, or even something more basic like TCP tunneling over SSH.
Lots of standardized options here that don't require any modification to the
memcached server.



> On Thu, Sep 11, 2008 at 3:56 PM, Chris <[EMAIL PROTECTED]> wrote:
>
>>
>> Another "nice to have" - security.  Each datacenter has its own
>> private network, and memcached only listens on the private networks.
>>
>> It would be nice to configure any services listening on public
>> interfaces to only accept connections from a specific IP address
>> range, or only from a list of users who authenticate themselves with a
>> signed certificate.
>>
>
>
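An added example, not part of the original thread: a shell function that builds the kind of host-level iptables restriction the reply mentions, as an `iptables-restore` ruleset that admits memcached traffic only from listed source ranges. The port (11211, memcached's default), the chain name `MEMCACHED` and the CIDR ranges are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset limiting memcached to allowed sources.
# Port 11211 (memcached's default) and the CIDR ranges below are constructed sample values.

# is_cidr ADDR: syntactic check for dotted-quad IPv4 with an optional /0-32 prefix.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# memcached_rules PORT CIDR...: print the ruleset on stdout; return 1 on bad input.
memcached_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    # Validate everything before printing, so a bad entry never yields a partial ruleset.
    for src in "$@"; do
        is_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':MEMCACHED - [0:0]'
    # Route TCP and UDP traffic for the port through a dedicated chain.
    echo "-A INPUT -p tcp --dport $port -j MEMCACHED"
    echo "-A INPUT -p udp --dport $port -j MEMCACHED"
    echo '-A MEMCACHED -i lo -j ACCEPT'
    for src in "$@"; do
        echo "-A MEMCACHED -s $src -j ACCEPT"
    done
    # Default for the chain: drop anything not explicitly allowed above.
    echo '-A MEMCACHED -j DROP'
    echo 'COMMIT'
}

# Print for review. To apply once as root: memcached_rules ... | iptables-restore --noflush
memcached_rules 11211 10.1.0.0/16 10.2.0.0/16
```
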
