Hi!
On Jun 2, 2008, at 9:17 PM, Roy Lyseng wrote:
For maximum security, they should probably both be disabled by
default.
Debian does this already. Linux distributions typically install
Memcached as best befits their security needs.
You should also consider a release taxonomy where these kinds of
changes are not allowed unless there is a major (or minor) release
number upgrade, and followed by a proper release note.
For most memcached environments, this is probably not an issue, but
there may be some combinations of firewall policies and port number
changes that accidentally cause a security issue.
It was, that was one of the major changes for the 1.2.5 release :)
Cheers,
-Brian
Thanks,
Roy
Cheers,
-Brian
On Jun 2, 2008, at 11:59 AM, Dustin Sallings wrote:
I believe so. Unless you specify a UNIX domain socket, you get
a TCP port.
--
_______________________________________________________
Brian "Krow" Aker, brian at tangent.org
Seattle, Washington
http://krow.net/ <-- Me
http://tangent.org/ <-- Software
_______________________________________________________
You can't grep a dead tree.
--
_______________________________________________________
Brian "Krow" Aker, brian at tangent.org
Seattle, Washington
http://krow.net/ <-- Me
http://tangent.org/ <-- Software
_______________________________________________________
You can't grep a dead tree.
