Redis's Security Certifications

Source: Internet
Author: User

The Redis port is open to the outside and no authentication option is configured, and unauthorized users can get all the information in the database directly, causing serious information disclosure.


Security is set up by two methods:

Method One:

You can modify the bound IP, port, and specified visitor IP

Depending on the actual situation to set, you can also directly on the server firewall settings.


Method Two:

Set access password

Find the "requirepass" field in redis.conf, uncomment it and fill in the password you need.

Note: Modifying Redis configuration requires a restart of Redis to take effect.


Here's a second way to set it up.

CD/OPT/REDISCP redis.conf redis.conf.$ (date +%f). Bakgrep "Requirepass" Redis.confecho "Requirepass Lvniankeji" > > redis.confgrep "Requirepass" redis.conf


Close service redis-cli shutdown# #带有密码的redis关闭redis-cli-a lvniankeji shutdown if not the default port, you can specify the port: Redis-cli-p 6379 Shutdown Start Command Redis-server conf/redis.conf


Restart:

Redis-cli-p 6379-a Lvniankeji Shutdown Netstat-lntup | grep Redis/application/redis/bin/redis-server/application/redis/conf/redis.confnetstat-lntup | grep Redis



Certification Method 1

[[email protected] conf]# redis-cli 127.0.0.1:6379> SEt Gao Deng (error) Noauth authentication required.127.0.0.1:6379 > Auth lvniankejiok127.0.0.1:6379> SEt Gao dengok127.0.0.1:6379> get Gao "Deng" 127.0.0.1:6379>


Certification Method 2

[[email protected] conf]# redis-cli-a lvniankeji127.0.0.1:6379> set Gao aok127.0.0.1:6379> get Gao "a" 127.0.0.1:63 79>




# # #redis绑定IP

1. A more secure approach is to use a binding IP to control.

Bind 127.0.0.1

Indicates that access is only allowed through the 127.0.0.1 IP address. In fact, only oneself can access himself, other machines can not access him.



# # #redis权限方式,

# #第一个是屏蔽set command; the second one is to change the get command to GGG

#rename-command Set "" Echo ' Rename-command set "" ' >> Redis.confecho ' rename-command get GGG ' >> redis.conf### # #重启才能生效 [[email protected] conf]# redis-cli 127.0.0.1:6379> set oo oo (error) ERR unknown command ' set ' 127.0.0.1:6379&G T 127.0.0.1:6379> get (Error) ERR unknown command ' get ' 127.0.0.1:6379> GGG (Error) Noauth authentication required .127.0.0.1:6379> GGG id01 (Error) Noauth authentication required.127.0.0.1:6379> Auth lvniankejiok127.0.0.1:6379 > GGG id01 "Xiaogao" 127.0.0.1:6379>


Block a command, or you can rename a command


This article is from the "Struggle Bar" blog, please be sure to keep this source http://lvnian.blog.51cto.com/7155281/1712209

Redis's Security Certifications

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.