Memcache_connect and security

ComMania asked:

$memcache_obj = memcache_connect('My server's IP address', 11211);

Using this php code, could anyone can connect to my Memcached server and put something using memcached_get()?

Is it a security problem? How can I block access to it?

My answer:

Until recently (1.4.3) memcached had no support for authentication, so anyone who could connect to memcached could do whatever they wanted.

You can set up authentication if you wish, and your version of memcached is recent enough.

You also should firewall the port, allowing only specific IP addresses in your network to connect to memcached. This will help regardless of version.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.