Software architecture Memcached
The system uses a client–server architecture. The servers maintain a key–value associative array; the clients populate this array and query it by key. Keys are up to 250 bytes long, and values can be at most 1 megabyte in size.
Clients use client-side libraries to contact the servers which, by default, expose their service at port 11211. Both TCP and UDP are supported. Each client knows all of the servers; the servers do not communicate with each other. If a client wishes to set or read the value corresponding to a key, the client's library first computes a hash of the key to determine which server to use. This gives a simple form of sharding and a scalable shared-nothing architecture across the servers. The server computes a second hash of the key to determine where to store or read the corresponding value. The servers keep the values in RAM; if a server runs out of RAM, it discards the oldest values. Therefore, clients must treat Memcached as a transitory cache; they cannot assume that data stored in Memcached is still there when they need it. Other databases, such as MemcacheDB and Couchbase Server, provide persistent storage while maintaining Memcached protocol compatibility.
If the client libraries use the same hashing algorithm to determine servers, then clients can read each other's cached data.
A typical deployment has several servers and many clients. However, it is possible to use Memcached on a single computer, acting simultaneously as client and server. The size of the hash table is large. It is limited to the available memory across the servers in the cluster of servers in a data center. Where high-volume, wide-audience web publishing requires it, this may stretch to many gigabytes. Memcached can be equally valuable for situations where either the number of requests for content is high, or the cost of generating a particular piece of content is high.
Security
Most deployments of Memcached are within trusted networks where clients may freely connect to any server. However, Memcached is sometimes deployed in untrusted networks, or where administrators want to exercise control over the clients that connect. For this purpose Memcached can be compiled with optional SASL authentication support. The SASL support requires the binary protocol.
A presentation at Black Hat USA 2010 revealed that a number of large public websites had left Memcached open to inspection, analysis, retrieval, and modification of data.
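A configuration check for the exposure described above, as an added example that is not part of the original page: it reads `memcached.conf`-style text (one option per line) and reports wildcard listeners, UDP listeners and missing SASL. The finding names and sample files are constructed; the code assumes memcached's standard `-l`, `-U`, `-S` and `-B` options, and treats an absent `-U` as dependent on the build's default.

```python
WILDCARDS = {"0.0.0.0", "::", "[::]", "*"}  # addresses meaning "every interface"

def parse_options(conf_text):
    """Parse memcached.conf text: one option per line, '#' starts a comment."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0].startswith("-"):
            opts[tokens[0]] = tokens[1] if len(tokens) > 1 else True
    return opts

def audit(conf_text):
    """Return {finding_name: explanation} for exposure-related settings."""
    opts = parse_options(conf_text)
    findings = {}
    listen = opts.get("-l")
    addrs = listen.split(",") if isinstance(listen, str) else []
    # No -l at all means memcached binds to every interface.
    if not addrs or any(a in WILDCARDS or a.rsplit(":", 1)[0] in WILDCARDS for a in addrs):
        findings["listen-all"] = "service is reachable on every network interface"
    udp = opts.get("-U")
    if udp is None:
        findings["udp-default"] = "no -U given; UDP state depends on the build's default"
    elif udp != "0":
        findings["udp-enabled"] = f"UDP listener on port {udp}"
    if "-S" not in opts:
        findings["no-sasl"] = "SASL authentication is not enabled"
    elif opts.get("-B") == "ascii":
        findings["sasl-needs-binary"] = "SASL requires the binary protocol"
    if "listen-all" in findings and "no-sasl" in findings:
        findings["open-cache"] = "any host that can reach the port can read and modify entries"
    return findings

# Constructed sample files (not taken from a real host).
EXPOSED = """
# memcached default config
-m 64
-p 11211
-u memcache
-l 0.0.0.0
"""
HARDENED = """
-p 11211
-l 127.0.0.1   # loopback only
-U 0           # no UDP listener
-S             # require SASL
"""

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, sorted(audit(text)))
```

A clean result only covers the options checked here; firewall rules and network segmentation still decide which hosts can reach the port.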
Even within a trusted organisation, the flat trust model of Memcached may have security implications. For efficient simplicity, all Memcached operations are treated equally. Clients with a valid need for access to low-security entries within the cache gain access to all entries within the cache, even when these are higher-security and the client has no justifiable need for them. If a cache key can be predicted, guessed or found by exhaustive searching, its cache entry may be retrieved.
Some attempt to isolate setting and reading data may be made in situations such as high-volume web publishing. A farm of outward-facing content servers has read access to the Memcached instance containing published pages or page components, but no write access. Where new content is published (and is not yet in Memcached), a request is instead sent to content generation servers, which are not publicly accessible, to create the content unit and add it to Memcached. The content server then retries to retrieve it and serve it outwards.