Memcached security configuration: preventing unauthorized reads of cached data

Source: Internet
Author: User
Tags: memcached, iptables

A memcached server executes whatever the client sends it, with no authentication step at all, so exposing it directly to the Internet is dangerous. At best, unrelated people can read the cached data; at worst, the server is compromised, since memcached here runs with root privileges and may contain unknown bugs or buffer overflows, so the damage is hard to predict. To be on the safe side, I make two suggestions that offer some protection against intrusion and data leakage.

1. Intranet or local access only

Ideally the two servers, typically the web server and the memcached server, talk to each other over the intranet. Servers usually have two network cards, one facing the Internet and one facing the intranet; have the web server reach memcached through the intranet card, and start memcached listening only on the intranet IP address and port. Restricting access to the intranet effectively blocks other, unauthorized access.

The code is as follows:

# memcached -d -m 1024 -u root -l 192.168.0.200 -p 11211 -c 1024 -P /tmp/memcached.pid

Or:

# memcached -d -m 1024 -u root -l 127.0.0.1 -p 11211 -c 1024 -P /tmp/memcached.pid

This starts memcached listening on port 11211 of the intranet address 192.168.0.200 (or the local loopback address), using up to 1024 MB of RAM and allowing at most 1024 concurrent connections.

2. Set up a firewall

A firewall is a simple and effective measure. If both servers sit on the public network and memcached has to be reached through an external IP address, consider using a firewall or a proxy program to filter out unauthorized access.

In general, we can use iptables on Linux (or the equivalent firewall on FreeBSD) to specify rules that block unauthorized access; for example, we can allow only our web server to reach the memcached server and block everyone else.

The code is as follows:

# iptables -F

# iptables -P INPUT DROP

# iptables -A INPUT -p tcp -s 192.168.0.2 --dport 11211 -j ACCEPT

# iptables -A INPUT -p udp -s 192.168.0.2 --dport 11211 -j ACCEPT

The iptables rules above allow only the web server at 192.168.0.2 to reach the memcached server, which effectively blocks unauthorized access; further rules can be added as needed to tighten security.

Alternatively, you can simply reject all external connections to port 11211.
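As an added example (not part of the original article), the following Python script checks both recommendations on a host: whether memcached is bound to a wildcard or public address, read from a constructed `ss -lntup` listing, and whether an `iptables-save` dump keeps the INPUT policy at DROP and accepts port 11211 only from the web server's address. The listings are constructed; the addresses 192.168.0.200 and 192.168.0.2 are the article's own examples.

```python
import ipaddress
import re

MEMCACHED_PORT = 11211

# Constructed `ss -lntup` listing (not captured from a real host): TCP bound to every
# interface by mistake, UDP bound to the intranet address as the article recommends.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
tcp   LISTEN 0      1024   0.0.0.0:11211        0.0.0.0:*         users:(("memcached",pid=1234,fd=26))
udp   UNCONN 0      0      192.168.0.200:11211  0.0.0.0:*         users:(("memcached",pid=1234,fd=27))
"""

def exposed_memcached_sockets(ss_output, port=MEMCACHED_PORT):
    """Return (proto, address) pairs where `port` is bound to a wildcard or public address."""
    exposed = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, lport = fields[4].rpartition(":")   # "192.168.0.200:11211" -> addr, port
        if lport != str(port):
            continue
        addr = addr.strip("[]")                      # ss prints IPv6 as [::]:11211
        ip = None if addr in ("*", "0.0.0.0", "::") else ipaddress.ip_address(addr)
        if ip is None or not (ip.is_loopback or ip.is_private):
            exposed.append((fields[0], addr))        # reachable from outside the intranet
    return exposed

# Constructed `iptables-save` excerpt reproducing the article's rules (not from a real host).
IPTABLES_SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -s 192.168.0.2 --dport 11211 -j ACCEPT
-A INPUT -p udp -s 192.168.0.2 --dport 11211 -j ACCEPT
COMMIT
"""

def firewall_restricts_port(rules, port=MEMCACHED_PORT, allowed_sources=("192.168.0.2",)):
    """True if INPUT defaults to DROP and every ACCEPT for `port` names an allowed -s source.
    Only the article's rule shape (explicit --dport) is inspected; broader ACCEPT rules need review."""
    policy_drop = False
    for line in rules.splitlines():
        if line.startswith(":INPUT "):
            policy_drop = line.split()[1] == "DROP"
        if line.startswith("-A INPUT") and f"--dport {port} " in line and "-j ACCEPT" in line:
            src = re.search(r"-s (\S+)", line)
            if src is None or src.group(1) not in allowed_sources:
                return False                          # unrestricted or unexpected source
    return policy_drop
```

On a real host, feed it the output of `ss -lntup` and `iptables-save` instead of the constructed samples; a non-empty result from the first function or False from the second means one of the two recommendations is not in effect.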
