Hi! Two months ago we announced the availability of a version of memcached that we’ve been calling secure memcached. This current branch of memcached includes ssl encryption between client and server. Currently, client support is limited to libmemcached, but we’ll work with our beta sites to support additional clients as needed. Our plan is to submit our branch as a patch to the project once we receive more feedback from betas.
Our upcoming Beta 2 version of secure memcached will add encryption for data held inside the server. As such, if someone gets their hands on your memcached server, they won’t be able to read the data. The level of security in Beta 2 will resolve the vulnerability faced by memcached users recently discussed on Slashdot: http://it.slashdot.org/story/10/08/07/035255/Cache-On-Delivery-mdash-Memcached-Opens-an-Accidental-Security-Hole.
Beta 2 is slated for release in a couple of weeks. Please contact us at firstname.lastname@example.org if you would like to participate in the beta program.
For performance results for secure memcache, please contact us.
A copy of our presentation on secure memcached given at OSCON is available here: PPT Download