Skip to content
This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

security issue: memcached is listening on all interfaces by default #6

Open
EmPeWe opened this issue Oct 18, 2016 · 2 comments
Open

security issue: memcached is listening on all interfaces by default #6

EmPeWe opened this issue Oct 18, 2016 · 2 comments
Assignees
@cedricve
Labels
enhancement

Comments

@EmPeWe
Copy link

EmPeWe commented Oct 18, 2016

According to https://github.com/memcached/memcached/wiki/ConfiguringServer the recommendation is: "...you must not expose memcached directly to the internet..."

It would be a better approach to start the daemon with -l 127.0.0.1 or even better using unix sockets (-s ), which is supported in php-memcached since version 2.0.0b1
@cedricve
Copy link
Member

thanks for the comment, we will integrate this in the next release.

@cedricve cedricve self-assigned this Oct 18, 2016
@natefanaro
Copy link

Is this still an issue? I have not tried this yet but according to the init script of memcached this wasn't resolved https://github.com/kerberos-io/kios/blob/master/board/common/overlay/etc/init.d/S63memcached#L4

Will this be fixed? I am trying to evaluate if I want to use this software. I generally trust the devices on my network and know not to expose this to the public internet. Still, seeing an open security issue this old is a concern.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@cedricve cedricve

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@natefanaro @cedricve @EmPeWe