Interesting, I hadn't seen that, updated. I don't think `pylibmc` exposes it, or again not by default.
I actually don't think that it's wrong for a driver library to have these sorts of features disabled by default, because the target audience is typically a slightly higher level of abstraction rather than the end-developer. I think the aim should be to mimic the API of the service as closely as possible with the same defaults where possible. It's then the responsibility of the abstraction layer closer to the application to decide what's more appropriate on that end, and for that to be resolved between the two.
Yep I agree. That's pretty much what the vulnerability was about! (Although Django decided to implement the check itself as it can be therefore be implemented in the same way for all Memcached backends)
I actually don't think that it's wrong for a driver library to have these sorts of features disabled by default, because the target audience is typically a slightly higher level of abstraction rather than the end-developer. I think the aim should be to mimic the API of the service as closely as possible with the same defaults where possible. It's then the responsibility of the abstraction layer closer to the application to decide what's more appropriate on that end, and for that to be resolved between the two.