Comment 2 for bug 1095730

Revision history for this message
Guang Yee (guang-yee) wrote :

I am more concerned about changing "time" to "timeout" at the moment. This could potentially cause security problems. Consider this ...

1. a valid token is cached with (timeout=0 as default), which means the token is cached for the duration at the discretion of memcached
2. token is revoked from Keystone
3. however, the token is still marked as valid in memcached for as long as it lives

Keystone auth_token don't use "min_compress_len". But I can't guarantee other (OpenStack or others) middleware won't. My point is we need a consistent memcache client interface (for OpenStack) so middleware don't need to know about its implementation.