Configuring a Redis Password
For security purposes, DCS provides password-protected instances. In addition, Redis can be accessed without a password. Use an instance access mode as required.
For a DCS instance that is used on the live network or contains important information, you are advised to set a password.
- To modify an instance password, see Changing an Instance Password.
- To change the access mode (password-protected or password-free), or to reset the password, see Resetting an Instance Password.
Suggestions for Password Security
- Hide the password when using redis-cli.
If the -a <password> option is used in redis-cli in Linux, the password is prone to leakage because it is logged and kept in the history. You are advised not to use -a <password> when running commands in redis-cli. After connecting to Redis, run the auth command to complete authentication. For example:
$ redis-cli -h 192.168.0.148 -p 6379 redis 192.168.0.148:6379>auth yourPassword OK redis 192.168.0.148:6379>
- Use interactive password authentication or switch between users with different permissions.
If the script involves DCS instance access, use interactive password authentication. To enable automatic script execution, manage the script as another user and authorize execution using sudo.
- Use an encryption module in your application to encrypt the password.
Changing an Instance Password
- You cannot change the password of a DCS instance in password-free mode.
- The desired Redis instance is in the Running state.
- The new password takes effect immediately on the server without requiring a restart. The client must reconnect to the server using the new password after a pconnect connection is closed. (The old password can still be used before disconnection.)
- Log in to the DCS console.
- Click in the upper left corner of the management console and select the region where your instance is located.
- In the navigation pane, choose Cache Manager.
- Choose More > Change Password in the row containing the chosen instance.
- The Change Password dialog box is displayed. Enter the old and new password, and confirm it.
After 5 consecutive incorrect password attempts, the account for accessing the chosen DCS instance will be locked for 5 minutes. Passwords cannot be changed during the lockout period.
The password must meet the following requirements:- Cannot be left blank.
- Cannot be the same as the old password.
- Can be 8 to 64 characters long.
- Contain at least three of the following character types:
- Lowercase letters
- Uppercase letters
- Digits
- Special characters (`~!@#$^&*()-_=+\|{},<.>/?)
- In the Change Password dialog box, click OK to confirm the password change.
Resetting an Instance Password
- The instance must be in the Running state.
- Disabling password protection may compromise security. You can set a password later by password resetting.
- For security purposes, password-free access must be disabled when public access is enabled.
- The system will display a success message only after the password is successfully reset on all nodes. If the reset fails, the instance will restart and the old password of the instance is still being used.
- Resetting passwords takes effect immediately without server restart. The client must reconnect to the server using the new password after a pconnect connection is closed. (The old password can still be used before disconnection.)
- Log in to the DCS console.
- Click in the upper left corner of the management console and select the region where your instance is located.
- In the navigation pane, choose Cache Manager.
- To change the password setting for a DCS Redis instance, choose Operation > More > Reset Password in the row containing the chosen instance.
- In the Reset Password dialogue box, perform either of the following operations as required:
- Change password-protected access to password-free access.
- Change password-free access to password-protected access or reset the password.
Enter a password, confirm the password, and click OK.
The password must meet the following requirements:- Cannot be left blank.
- Cannot be the same as the old password.
- Can be 8 to 64 characters long.
- Contain at least three of the following character types:
- Lowercase letters
- Uppercase letters
- Digits
- Special characters (`~!@#$^&*()-_=+\|{},<.>/?)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot