
Re: [Savannah-hackers-public] memcached secured


From: Sylvain Beucler
Subject: Re: [Savannah-hackers-public] memcached secured
Date: Sun, 4 May 2008 10:25:19 +0200
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

On Sun, May 04, 2008 at 09:56:48AM +0200, Sahid Ferdjaoui wrote:
> Hello Sylvain
> 
> "<Beuc> I'm checking how we can set up memcached at Savannah, securely.
> If anybody can issue a connection to memcached and alter the cache, and
> if users&groups are cached, he could alter the project membership :/"
> 
> we configure the server memcached to accept only requests of
> application servers,
> with iptables, no?

Yes, but at Savannah we use Linux VServer to run several independent
systems at once. This means we need to make sure only 1 of those
systems can access memcached, and reject the other systems, even if
they are running on the same hardware :)

Technically, nobody has local access to any of those vservers but, if
this ever happens for one reason or another (e.g. improperly secured VCS
hooks), I'd like to block privilege escalation.

-- 
Sylvain



