Ok, I understand everyone is busy and therefore I'm willing to pay to get this functionality implemented as long as it is integrated into the core project. Can anyone offer me price for the work, I'm happy to supply more detailed requirements.
On Apr 12, 12:40 pm, hoos <[email protected]> wrote: > Hello, > > I'd like to request multiple configurable channel support for > memcached, to clarify I want to be able to configure a single instance > of memcached to listen to multiple network interfaces (or IP address/ > Port combinations) and to enable/disable SASL authentication on the > different channels (and potentially other connection options in > future). > > If this functionality already exists and I missed it I apologies and > would appreciate it if someone can direct w.r.t configuring it. > > By enabling this enhancement it will greatly improve the security > configuration options that are available and also allow different > clients with different capabilities to connect to memcached. I hope > the following use case describes the benefits. > I have a range of potential clients to my memcached instance, they > include clients that: > > • Support SASL authentication > • Don’t support SASL authentication > • Are deployed to trusted networks > • Are deployed to un-trusted networks > > In order to securely allow access to all these client types I > currently have to disable SASL on my memcached instance (as some of my > clients don’t support it) and employ a firewall (e.g. ITPABLES) and > encrypted transports (e.g. STUNNEL) to enable authentication and > protect against a range of threats from client connections from un- > trusted networks (man in the middle being the main threat). While all > this is doable it greatly increases the complexity of my solution and > introduces an administrative burden, which while it is acceptable is > not optimal. > > If I could configure memcached to listen for connections on a range of > IP addresses bound to different interfaces some of which can be > configured to support SASL and others without, this would allow the > broadest range of client connectivity while also maintaining fine > grained access control to memcached and limit the performance loss > associated with security to only those clients that require it. The > complexity is centralised in memcached and the number of moving parts > is potentially reduced. > > The enhancement essentially increases my operational agility and there > other use cases that will benefit from this enhancement, for example > if I need to bridge connections from different VLANs (which may well > be a constraint I’ll face in the near future). > > Any thoughts or comments are welcome.
