英文:
Is Google App Engine memcache secure?
问题
我的应用程序在每个请求上检查用户身份验证和授权,我正在考虑将身份验证和授权数据从数据存储迁移到内存缓存(memcache)中。
内存缓存(memcache)适合这种用例吗?它是否安全,我是否应该这样做?
英文:
My application checks user authentication and authorization on every request and I am thinking of moving the authentication and authorization data from datastore to memcache.
Is memcache suitable for this usecase? Is it secure or I should not do it?
答案1
得分: 2
是的,Memcache是安全的。如果你将重要内容保存到Memcache中,你必须在数据存储中备份,因为它可能在任何时刻被清除。在Python(NDB)和Java(Objectify)中有数据存储的API可以自动管理缓存,但我不确定Go语言是否有相应的API。
如果你的用户使用他们的Google账号登录,你可以使用Users API1。
英文:
Yes, Memcache is secure. If you save important content to Memcache you have to back it up on datastore because it can be evicted at any moment. There are datastore APIs on Python (NDB) and Java (Objectify) that manage the cache for you automatically, but I'm not sure about Go.
If your users log in with their Google Account you can use the Users API1.
答案2
得分: 1
是的,正如标记答案所说,memcache是安全的(即使是共享的memcache)。
然而,正如一条评论所说,你真的不应该重新发明appengine会话,而是应该使用它们。在Google上搜索“appengine go sessions”,你会找到相关资源。在搜索结果中的第一个链接:
https://godoc.org/code.google.com/p/sadbox/appengine/sessions
向你展示了如何在Go中使用它们。
除了处理memcache和数据存储的实现外,它还具有可配置的过期时间等其他功能。
英文:
Yes, memcache is secure as the marked answer says (even shared memcache).
However as one comment says, you should really not reinvent appengine sessions, and instead use them. Google for "appengine go sessions" and you will find resources about it. The first link in that search:
https://godoc.org/code.google.com/p/sadbox/appengine/sessions
shows you how to use them in Go.
Besides handling the memcache and datastore implementation, it has additional features like configurable expiration.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论