How can I secure memcached/beanstalkd in a hostile cloud environment?
<p>Here's what my servers (in Amazon EC2) would look like:</p>
<pre>
        Server 1                        Server 2               Server 3
 __________________________      _____________________     _______________
|  Cloud Monitor Daemon    |    |  Memcached daemon   |   |  beanstalkd   |
|                          |    |  Memcached daemon   |    ________________
| "Hostile" user process   | /  |  Memcached daemon   |
| "Hostile" user process   | /  |  Memcached daemon   |
| "Hostile" user process   | /  |  Memcached daemon   |
| "Hostile" user process   | /   ______________________
| "Hostile" user process   | /
 __________________________
</pre>
<p>There are multiple user processes on one server. Each user then has their own memcached instance running on a (separate) server (with many other memcached instances). Without any sort of security (as it is by default), user process B could guess the port of the memcached instance of user A and access it. How can I secure this system so that user C could only access memcached instance C and no other (even though the memcached instances are all on the same server)? My user should not have to do anything to make use of the security (just continue connecting to the memcached port as usual), it should all happen automatically by the system.</p>
<p>Also, the Cloud Monitor Daemon on the server along with the "hostile" user processes needs to be able to access a remote beanstalkd server. Beanstalkd has no authentication either, so if my Monitor Daemon can access beanstalkd, so can the "hostile" user processes, and I don't want that. How can I secure this part?</p>
 
