Mikael Johansson wrote:
Hi,
You can use the unix socket feature and chown the socket to each
customer, you would of course still need separate memcached instances
for each customer. For example
memcached -s /client1_path/tmp/memcached.sock
chown client1 /client1_path/tmp/memcached.sock
And in client1's php.ini
session.save_handler = memcache
session.save_path = "unix:///client1_path/tmp/memcached.sock"
//Mikael
Troy Davisson wrote:
Hans,
Hard to talk about security and memcached at the same time it seems.
Memcached itself has no authentication so as long as someone can
connect to the port, they can access memcached content. The most
common way to lock memcached down seems to be running it on an
internal network (completely blocked from the outside) or using a
firewall (allowing very limited access from the outside).
Running multiple daemons on different ports would keep users from
having problems when they're using the same memcached keys but that's
about it. Any session information being saved within memcached would
be accessible to at least the other users on the server.
If someone else knows of a different trick to make something like that
work, I'd love to hear it and will stand corrected.
Good luck!
Troy
On Dec 18, 2007 12:07 AM, krystian <[EMAIL PROTECTED]> wrote:
John wrote:
Hi Hans,
You can specify the following directives in your php.ini:
session.save_handler = memcache
session.save_path = "http://localhost:11211";
To test if your current version of php/pecl-memcached supports session
do a var_dump(MEMCACHE_HAVE_SESSION), if 1 then you are good to go,
otherwise you may need to upgrade php/pecl-memcached.
Regards,
John
Krystian wrote:
Hi!
I'm looking for cache software which I can use in Load Balancing web
servers (especially php sessions).
I'd like to know if it is possible to use memcached in transparent
way. So users don't need rewrite code, just server create sessions in
memcached. Also I'd like to know if it is possible to create
different caches per user (for security each user gets his own
session path).
Regards,
Hans
Thanks for answer, but still I have doubt.
For security my present config is:
client1:
session.save_path=/client1_path/tmp
client2:
session.save_path=/client2_path/tmp
etc.
So customers cannot access each other sessions.
Should I direct all clients to one memcache (localhost:11211)? Is it safe?
Or should I run memcache daemons on few ports and each client gets his
own port (client1=localhost:11211, client2=localhost: 11212 etc) ?
Regards,
Hans
I guess I didn't mention that I need memcached because of problem with
php session between Load Balanced webservers.
We run few testing web servers which share storage and database. Our
Load Balancer use round-robin to webserver, what cause that websites
with php sessions need to recreate sessions, and slow down access to
website even > 60 sec.
I can use sticky connections but then the load is not balanced.
I think that I can use memcached, but seems that I will have problem to
implement it in secure way. Each client run in chroot enviroment under
the some one user name.
Memcached should help me to sync sessions between servers, remove need
of recreating sessions between servers.
Regards,
Hans
