On Oct 26, 1:33 am, Toru Maesaka <[email protected]> wrote:
> From chasing the commit log and reading Trond's blog entry, I noticed
> that we're throwing in SASL support to memcached.
>
> I guess this is to make it friendlier to deploy memcached on an
> untrusted network (e.g. Amazon's EC2) but I wanted to hear what the
> actual deciding factor was. You know, personal curiosity and to keep
> record of this feature discussion in the community mailing list.
Hey,
Thanks for starting this. I was trying to get a few things together
on the wiki and had pretty much forgotten about the list. :/
Your guess is pretty much it, though... there have been some really
awful deployments. The worst I've personally heard of was at an ISP
that offers both VPS and shared web hosting services where customers
would apparently commonly get a VPS instance just to run memcached and
connect to it from the shared web servers. Effectively, anyone with
access to this service (i.e. anyone) can fairly easily rummage
through / manipulate anyone else's cache.
As a bonus, the code already existed. We'd talked about it a long
time ago and I built some stuff that worked then, but just got around
to cleaning it up enough to go (you can see the commits are from early
May).
I don't think the documentation is *awesome* yet, but I've got the
higher level howto and protocol spec on the wiki:
http://code.google.com/p/memcached/wiki/SASLHowto
http://code.google.com/p/memcached/wiki/SASLAuthProtocol
