Is memcached secure?


#1

I’ve received notification from https://memcachedscan.shadowserver.org/ that my couchbase instances are visible on the internet, hence all of my key/value data is potentially visible to anyone? Can this be made secure?


#2

Interesting. If you’re using a bucket other than “default” with a password, there is authentication. If you’re using 3.0 EE and one of the 2.0 SDKs, you also configure SSL support. I don’t know how their scan works but just something listening on port 11211 with memcached protocol does not necessarily mean your data is available to everyone. Couchbase implements the memcached SASL auth*.

*we actually wrote it and contributed it to the memcached.org project