Redis password setting and password viewing methods

redis does not implement access control, but it does provide a lightweight authentication method that allows you to edit the ES2en.conf configuration to enable authentication.

1. Initialize the Redis password:

There is a parameter in the configuration file: requirepass, which is the parameter to configure the redis access password.

requirepass test123;

(Ps: Restart Redis to take effect)

redis's query speed is very fast, external users can try up to 150K passwords in one second; So keep your password as long as possible (there is no need to remember passwords for DBA);

2. Do not restart Redis to set the password:

Configure the password for requirepass in the configuration file (it will still be valid when redis is restarted).

  redis 127.0.0.1:6379> config set requirepass test123

Query password:

 redis 127.0.0.1:6379> config get requirepass
  (error) ERR operation not permitted

Password authentication:

 redis 127.0.0.1:6379> auth test123
  OK

Check again:

[

redis 127.0.0.1:6379 > config get requirepass
1) "requirepass"
2) "test123"

]

PS: If the password is not added in the configuration file, the password will be invalid after the restart of redis.

3. Login Redis with password:

Enter your password when you log in:

redis-cli -p 6379 -a test123

Login before verification:

[

redis-cli -p 6379

redis 127.0.0.1:6379 > auth test123
OK

]

The AUTH command, like the other redis commands 1, is not encrypted; You can't stop an attacker from stealing your password on the network;

The goal of the authentication layer is to provide an additional layer of protection. If the firewall or the system used to protect redis against external attacks fails, external users will not be able to access redis without password authentication.

conclusion