On Aug 7, 12:17 pm, Michael Shadle <[email protected]> wrote:
>
> ) a username/password in the protocol (slowing it down and negating the
> original purpose)

  Note that SASL does allow username/password and many other types of
authentication.  If your app uses long-lived connections (as they all
should), authentication doesn't make it slower in any meaningful
way.

On Aug 7, 4:19 pm, samwyse <[email protected]> wrote:

> apparently some very well known sites don't.

  Warnings just don't help all that much.  We have a warning that
tells you that we won't start up as root if you try to start memcached
as root.  People figured out that they could work around this by
passing ``-u root''  *sigh*

  No sysadmin with any idea how things work would ever voluntarily run
software as root without really, really good justification and
isolation, yet there was a report that memcached had a (theoretical)
remote root vulnerability because of how far people were willing to go
out of their way to make things insecure.

> My suggestion neither slows memcached down nor negates its original
> purpose.  Ditto Loganaden's patch, which to all appearances you should
> also be objecting to.  He's breaking the functionality of documented
> commands, for gawd's sake;

  stats cachedump is explicitly undocumented.  There is no reference
to it in the protocol specifications and the only place you'll find it
in the wiki is in the programming FAQ where it says that it's a
debugging interface and you shouldn't use it.

  See this thread for more:  
http://groups.google.com/group/memcached/browse_thread/thread/a936dbd74a2d9a5f

> I won't be able to use remote debug or dump the cache.

  You can't do it now.

> How will I ever be able to find and fix problems?

  What kind of problem do you think such functionality would ever help
you fix?  I'm asking a completely serious question because when it's
come up in the past all of the answers have come down to, ``I don't
know – I just need it.''

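Added example, not part of the original message and not memcached project code: a small audit of memcached command lines for the two conditions discussed in this thread, being started with `-u root` and listening beyond loopback without SASL (`-S`). The sample command lines are constructed and the finding names are hypothetical labels.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def host_of(addr):
    """Strip an optional port from a -l value (host, host:port, [v6]:port)."""
    if addr.startswith("["):
        return addr[1:].partition("]")[0]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def parse_flags(cmdline):
    """Return (user, sasl_enabled, listen_hosts) from a memcached command line."""
    user, sasl, listen = None, False, []
    args = iter(shlex.split(cmdline)[1:])
    for arg in args:
        if arg in ("-S", "--enable-sasl"):
            sasl = True
            continue
        key, sep, val = arg.partition("=")
        if key not in ("-u", "--user", "-l", "--listen"):
            continue
        if not sep:                      # value is the next argument
            val = next(args, "")
        if key in ("-u", "--user"):
            user = val
        else:
            listen += [host_of(a) for a in val.split(",") if a]
    return user, sasl, listen

def audit(cmdline):
    """Return finding names (hypothetical labels) for one command line."""
    user, sasl, listen = parse_flags(cmdline)
    findings = []
    if user == "root":
        findings.append("runs-as-root")
    # With no -l, memcached listens on all interfaces.
    network = not listen or any(h not in LOOPBACK for h in listen)
    if network and not sasl:
        findings.append("no-sasl-on-network-listener")
    return findings

# Constructed sample command lines, e.g. as collected from init scripts.
SAMPLES = [
    "memcached -d -u root -m 64",
    "memcached -u memcache -l 127.0.0.1",
    "memcached -u memcache -S -l 10.0.0.5",
    "memcached --user=root --listen=127.0.0.1:11211",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: {audit(line) or 'ok'}")
```

Bundled short options (for example `-vS`) are not unpacked by this parser, so such lines should be normalized first.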