I agree memcache isn't expected - and designed - to persistently keep your data, hence unsuitable for critical session data storage.... which sweetly introduces an idea for our *beloved* memcache developers: would it not be nice to have an option (just an option) to cache data with no possibility of expulsion with, for example, a precondition that such cached data cannot exceed *n%* of total memory allocated to memecache on each server (or quite simply with no preconditions).
This way, large (or small) sets of critical data, e.g. sessions (or a cross section of session data e.g. login data) would be saved in memcache without worrying about expulsions or expirations My hunch is that the memcache devs have probably considered this idea but never went ahead with it..... I would be interested to know why? On 10 March 2010 16:45, Les Mikesell <lesmikes...@gmail.com> wrote: > On 3/10/2010 10:28 AM, Brian Hawkins wrote: > >> Explain how using memcached opens one self to a DOS attack? >> > > If you are expecting it to be a persistent store by itself, simply > exceeding capacity will drop data before you expect it to expire. Of course > if your sessions are tied to logins this would be harder to cause, and if > you have a backing DB of critical entries then it's not a problem until you > overwhelm the DB. > > Memcache itself isn't a problem unless you expect it to always have your > data, which it isn't intended to do. > > -- > Les Mikesell > lesmikes...@gmail.com > >
