If redis is installed on the intranet, it does not matter if the password is not set. However, if it is put on the Internet, it is still necessary to set the password and modify the default port, especially when installing redis under root authority. In this way, it is a matter of minutes for
the server to be attacked, so the following introduction sets the password and modify the port for redis:
change Password
1. Permanent setting, that is, to write a password in the configuration (recommended)
Find #requirepass foobared in redis.conf configuration of redis, remove ‘#’, and change foobared to the password to be set, such as:
requirepass test123. In this way, you need to restart the redis
service to set up successfully.
Second, set a temporary new password, no need to restart, the temporary password is invalid after restart
After entering redis-cli, set as follows
Set password: 127.0.0.1:6379> config set requirepass test123
Query password:
redis 127.0.0.1:6379> config get requirepass
(error) ERR operation not permitted
Password validation:
redis 127.0.0.1:6379> auth test123
OK
ps:
The AUTH command, like other redis commands, is not encrypted; it cannot prevent an attacker from stealing your password on the network;
The goal of the authentication layer is to provide an additional layer of protection. If the firewall or the system used to protect redis fails to defend against external attacks, external users cannot access redis if they do not pass password authentication.
Modify the port
Go to the redis.conf file and change the 6379 here to the desired port, such as port 6378, then restart redis. We use redis-cli to access the default port 6379, so we have to specify the port, use the command redis-cli -p 6378 so that we can successfully connect to our modified port.
ps
End redis:
1. Shutdown under redis-cli
2. ps -ef|grep redis find the pid of redis, use kill -9 pid
Start redis:
./redis-server ./redis.config
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
