Re: [Savannah-hackers-public] memcached secured
From: Sylvain Beucler
Subject: Re: [Savannah-hackers-public] memcached secured
Date: Sun, 4 May 2008 10:25:19 +0200
User-agent: Mutt/1.5.17+20080114 (2008-01-14)
On Sun, May 04, 2008 at 09:56:48AM +0200, Sahid Ferdjaoui wrote:
> hello sylvain
>
> "<Beuc> I'm checking how we can set up memcached at Savannah, securely.
> If anybody can issue a connection to memcached and alter the cache, and
> if users&groups are cached, he could alter the project membership :/"
>
> we configure the server memcached to accept only requests of
> application servers,
> with iptables, no?
Yes, but at Savannah we use Linux VServer to run several independent
systems at once. This means we need to make sure only 1 of those
systems can access memcached, and reject the other systems, even if
they are running on the same hardware :)
Technically, nobody has local access to any of those vservers but, if
this ever happens for one reason or another (e.g. improperly secured VCS
hooks), I'd like to block privilege escalation.
--
Sylvain
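
One way to express the restriction discussed in this message, as an added example that is not part of the original e-mail or Savannah's actual configuration. It assumes that guests sharing the host reach memcached through the host's INPUT chain with their own source address; the addresses are constructed placeholders and the function name `memcached_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: print the iptables commands that let exactly one client
# address reach memcached and drop every other source. No -i match is used,
# so the rules also cover traffic from systems on the same hardware, which
# arrives over loopback rather than a physical interface.

MEMCACHED_PORT=11211   # memcached's default port

# memcached_rules <memcached_listen_ip> <allowed_client_ip>
# Prints the commands for review instead of running them.
memcached_rules() {
    listen_ip=$1
    allowed_ip=$2
    # Accept only plain dotted addresses: a CIDR range or a stray character
    # must not silently widen the set of allowed sources.
    for ip in "$listen_ip" "$allowed_ip"; do
        case $ip in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    # -I with an explicit position puts the rules ahead of any existing
    # "accept everything on loopback" rule, which would otherwise let the
    # other local systems through before the DROP is ever evaluated.
    echo "iptables -I INPUT 1 -p tcp -s $allowed_ip -d $listen_ip --dport $MEMCACHED_PORT -j ACCEPT"
    echo "iptables -I INPUT 2 -p tcp -d $listen_ip --dport $MEMCACHED_PORT -j DROP"
    echo "iptables -I INPUT 3 -p udp -d $listen_ip --dport $MEMCACHED_PORT -j DROP"
}

# Constructed sample: memcached listens on 192.0.2.10, and only the
# application system at 192.0.2.11 may talk to it.
memcached_rules 192.0.2.10 192.0.2.11
```

Running memcached with `-l` set to the same listen address keeps it off the other addresses of the host, so the filter and the daemon agree on where the service is exposed.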