14.18.4 Security Considerations for the InnoDB memcached Plugin

14.18.4.1 Password-Protecting the memcached Interface through SASL
Caution

Consult this section before deploying the InnoDB memcached plugin on any production servers, or even test servers if the MySQL instance contains any sensitive information.

Because memcached does not use an authentication mechanism by default, and the optional SASL authentication is not as strong as traditional DBMS security measures, make sure to keep only non-sensitive data in the MySQL instance using the InnoDB memcached plugin, and wall off any servers using this configuration from potential intruders. Do not allow memcached access to such servers from the Internet, only from within a firewalled intranet, ideally from a subnet whose membership you can restrict.