User authentication for Redis

Redis does not implement access control, but it provides a lightweight authentication method that allows you to edit the redis.conf configuration to enable authentication.

1. Initialize Redis password:

There are parameters in the configuration file: Requirepass This is the parameter that configures the Redis access password;

such as Requirepass test123;

(Ps: Need to restart Redis to take effect)

Redis query speed is very fast, external users can try to 150K a second password, so the password to be as long as possible (for DBAs do not need to remember the password);

2, do not restart Redis set Password:

Configure the Requirepass password in the configuration file (the password is still valid when the Redis is restarted).

Redis 127.0.0.1:6379> Config set Requirepass test123

Query Password:

Redis 127.0.0.1:6379> config Get requirepass

(Error) ERR Operation not permitted

Password verification:

Redis 127.0.0.1:6379> Auth test123

Ok

Query again:

Redis 127.0.0.1:6379> config Get requirepass

1) "Requirepass"

2) "Test123"

PS: If the configuration file does not add a password so redis restart, the password is invalid;

3, Login with password Redis:

Enter the password at the time of login:

Redis-cli-p 6379-a test123

First login and then verify:

Redis-cli-p 6379

Redis 127.0.0.1:6379> Auth test123

Ok

The auth command, like other Redis commands, is not encrypted; it prevents attackers from stealing your passwords on the Internet;

The goal of the certification layer is to provide an extra layer of protection. If the firewall or the system used to protect the Redis fails to defend against external attacks, external users cannot access Redis if they are not authenticated by a password.

This article is from the "Technology Achievement Dream" blog, please be sure to keep this source http://weipengfei.blog.51cto.com/1511707/1217872