Redis: protected-mode and weak ACL configuration
Redis serves as a Swiss Army knife for all things data, queues, logs and more. This means it is more than likely that the data in Redis is sensitive and requires proper security around it.
This is why user authentication (ACL) in Redis should use strong passwords, following the same best practices that apply to any other password.
Using protected-mode no and also allowing a nopass user create a gap in security; it is strongly recommended to use protected-mode yes.
Problem
In redis.conf:
protected-mode no
Fix
In redis.conf:
protected-mode yes
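To check a configuration file for both weak settings described above, the following added example (not part of the original page or of Redis itself) parses redis.conf text and reports protected-mode no and any enabled nopass user. The sample configuration, user names and function names are constructed for illustration; the script assumes that users defined in the file start disabled, and it does not follow include or aclfile directives.

```python
import shlex

# Constructed sample redis.conf content, for illustration only.
SAMPLE_CONF = """\
# constructed example
protected-mode no
user default on nopass ~* +@all
user worker on nopass >constructed-long-passphrase ~jobs:* +@read
user legacy off nopass ~* +@all
"""

def nopass_enabled(rules):
    """Apply ACL rules left to right; True if the user ends up enabled with nopass."""
    enabled = nopass = False  # assumption: a user defined in the file starts disabled
    for rule in rules:
        if rule in ("on", "off"):
            enabled = rule == "on"
        elif rule == "nopass":
            nopass = True
        elif rule == "reset":
            enabled = nopass = False
        elif rule == "resetpass" or rule[:1] in (">", "#"):
            nopass = False  # setting or resetting a password clears nopass
    return enabled and nopass

def audit_redis_conf(text):
    """Return (line_number, finding) tuples for the two weak settings on this page."""
    findings, protected = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes: fall back to whitespace splitting
            tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "protected-mode" and args:
            protected = (lineno, args[0].lower())  # the last occurrence wins
        elif directive == "user" and len(args) >= 2 and nopass_enabled(args[1:]):
            findings.append((lineno, f"user '{args[0]}' is enabled with nopass"))
    if protected and protected[1] == "no":
        findings.append((protected[0], "protected-mode no"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit_redis_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```

The worker user in the sample is not reported because a password rule after nopass clears the nopass flag, and the legacy user is not reported because it is disabled.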