How Can I Secure My DCS Redis Instances?
Redis is one of the most powerful and widely used open-source cache technologies. However, the open-source Redis does not have robust security features of its own. It is vulnerable to malicious Internet attacks, possibly causing data breaches.
To secure your DCS Redis instances, consider taking the following advice:
- Network connection configurations
- redis-cli usage
- Hide the password.
Problem: If the -a <password> option is used, the password may show up when the ps command is run.
Solution: Modify the Redis source code. Hide the password immediately after starting redis-cli by calling the main function.
- Disable sudo in running scripts.
Problem: Parameters for starting redis-cli contain sensitive patterns related to the password, which may show up when the ps command is run and may be logged.
Solution: Access the instance by calling APIs (or through redis-py in Python). Do not allow switching to the dbuser user using sudo in redis-cli.
- Hide the password.
Security FAQs
- How Do I Configure a Security Group?
- Why Can't Security Groups Be Configured for DCS Redis 4.0/5.0/6.0 Basic Edition Instances?
- How Can I Secure My DCS Redis Instances?
- Does DCS Support Cross-AZ Deployment?
- Is a Password Required for Accessing an Instance? How Do I Set a Password?
- What Is Sentinel?
- Does DCS Manage Instances in Sentinel Mode?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more
