Hi, You can use the unix socket feature and chown the socket to each customer, you would of course still need separate memcached instances for each customer. For example
memcached -s /client1_path/tmp/memcached.sock chown client1 /client1_path/tmp/memcached.sock And in client1's php.ini session.save_handler = memcache session.save_path = "unix:///client1_path/tmp/memcached.sock" //Mikael Troy Davisson wrote: > Hans, > > Hard to talk about security and memcached at the same time it seems. > Memcached itself has no authentication so as long as someone can > connect to the port, they can access memcached content. The most > common way to lock memcached down seems to be running it on an > internal network (completely blocked from the outside) or using a > firewall (allowing very limited access from the outside). > > Running multiple daemons on different ports would keep users from > having problems when they're using the same memcached keys but that's > about it. Any session information being saved within memcached would > be accessible to at least the other users on the server. > > If someone else knows of a different trick to make something like that > work, I'd love to hear it and will stand corrected. > > Good luck! > > Troy > > > On Dec 18, 2007 12:07 AM, krystian <[EMAIL PROTECTED]> wrote: >> John wrote: >>> Hi Hans, >>> >>> You can specify the following directives in your php.ini: >>> >>> session.save_handler = memcache >>> session.save_path = "http://localhost:11211"; >>> >>> To test if your current version of php/pecl-memcached supports session >>> do a var_dump(MEMCACHE_HAVE_SESSION), if 1 then you are good to go, >>> otherwise you may need to upgrade php/pecl-memcached. >>> >>> Regards, >>> John >>> >>> Krystian wrote: >>>> Hi! >>>> I'm looking for cache software which I can use in Load Balancing web >>>> servers (especially php sessions). >>>> I'd like to know if it is possible to use memcached in transparent >>>> way. So users don't need rewrite code, just server create sessions in >>>> memcached. Also I'd like to know if it is possible to create >>>> different caches per user (for security each user gets his own >>>> session path). >>>> >>>> Regards, >>>> Hans >> Thanks for answer, but still I have doubt. >> For security my present config is: >> client1: >> session.save_path=/client1_path/tmp >> client2: >> session.save_path=/client2_path/tmp >> etc. >> So customers cannot access each other sessions. >> >> Should I direct all clients to one memcache (localhost:11211)? Is it safe? >> Or should I run memcache daemons on few ports and each client gets his >> own port (client1=localhost:11211, client2=localhost: 11212 etc) ? >> >> Regards, >> Hans >> >> >>
signature.asc
Description: OpenPGP digital signature
