Redis Security Settings


Introduction

In this lab, you will learn how to enhance the security of your Redis server. We'll cover setting a password to prevent unauthorized access and disabling specific commands to limit potential misuse. By the end of this lab, you'll have a more secure Redis instance.

Setting a Password with CONFIG SET requirepass

By default, Redis does not require a password: any client that can reach the port has full access to every command and every key. Recent versions ship with protected-mode enabled, which refuses connections from non-loopback addresses while no password and no bind directive are configured, but as soon as you bind Redis to a network interface that protection no longer applies. Setting a password is the first step in securing your Redis server. We'll use the CONFIG SET requirepass command to do this.

The CONFIG SET command changes a Redis configuration setting at runtime, without a restart. The requirepass setting specifies the password that clients must provide (with the AUTH command) before the server will execute any other command. Two caveats apply: a value set with CONFIG SET lives only in memory and is lost on restart unless you also run CONFIG REWRITE or put the directive in redis.conf, and the password travels in clear text on the wire unless the connection uses TLS, so also restrict which hosts can reach the port.

Let's get started:

  1. Connect to the Redis server using redis-cli:

    Open a terminal in the LabEx VM. The default directory is ~/project. Execute the following command:

    redis-cli
    

    This will connect you to the Redis server running on the default host (127.0.0.1) and port (6379). You should see the 127.0.0.1:6379> prompt.

    127.0.0.1:6379>
    
  2. Set the password using the CONFIG SET requirepass command:

    We'll set the password to mysecretpassword. For production environments, choose a long, random password: Redis applies no lockout or rate limiting to AUTH, and its own security documentation warns that a client can try on the order of 150k passwords per second, so a short or dictionary password does not survive an online brute-force attempt.

    CONFIG SET requirepass mysecretpassword
    

    You should see the following output:

    OK
    

    This confirms the password has been set.

    Now, exit the redis-cli by typing exit and pressing Enter. redis-cli writes the session's command history to ~/.rediscli_history only when it exits, and the lab's verification step reads that file. Depending on the redis-cli version, that history file may record the AUTH and CONFIG SET requirepass lines in clear text, so on a real system check it afterwards and delete it if it does.

    exit
    
  3. Attempt to execute a command without authentication:

    Open a new terminal and connect to the Redis server using redis-cli:

    redis-cli
    

    Try executing a simple command like PING:

    PING
    

    You should receive an error message:

    (error) NOAUTH Authentication required.
    

    This indicates that authentication is now required.

  4. Exit the redis-cli:

    Exit the redis-cli by typing exit or pressing Ctrl+D so that the session's history is written to ~/.rediscli_history.

    exit
    

    This is important for the verification step to work correctly.

Authenticating with the AUTH Command

Now that we've set a password, let's learn how to authenticate with the Redis server using the AUTH command. This command requires the password you set in the previous step.

  1. Connect to the Redis server using redis-cli:

    Open a terminal in the LabEx VM. The default directory is ~/project. Execute the following command:

    redis-cli
    

    You should see the 127.0.0.1:6379> prompt.

  2. Authenticate with the AUTH command:

    Use the AUTH command followed by the password you set earlier:

    AUTH mysecretpassword
    

    If authentication is successful, you'll see:

    OK
    
  3. Execute a command after authentication:

    Now that you're authenticated, try the PING command again:

    PING
    

    You should receive the expected response:

    PONG
    
  4. Exit the redis-cli:

    Exit the redis-cli by typing exit or pressing Ctrl+D.

    exit
    
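The two procedures above set the password on the running server and prove that AUTH is now required, but CONFIG SET alone does not survive a restart and a script cannot read the redis-cli prompt. The following script is an added example, not part of the LabEx lab or the Redis project: it generates a strong password, persists it as a requirepass directive in a redis.conf file, and classifies the reply redis-cli gets back when it PINGs the server (PONG, NOAUTH, WRONGPASS). The config file path, the sample config and the variable names are this example's own assumptions; REDISCLI_AUTH is the environment variable redis-cli reads for its password.

```shell
#!/bin/sh
# Added example (not part of the LabEx lab or the Redis project): generate a
# strong requirepass, persist it in a redis.conf file, and classify the reply
# redis-cli gets back when it PINGs a password-protected server.
# Assumptions: the config file path and the variable names are this example's
# own; REDISCLI_AUTH is the environment variable redis-cli reads for its password.
set -e

# 48 hex characters (192 bits of entropy). Redis applies no lockout or rate
# limit to AUTH, so the password has to be long enough to defeat online guessing.
gen_redis_password() {
    od -An -tx1 -N 24 /dev/urandom | tr -d ' \n'
    echo
}

# Replace any active requirepass line in a config file with a new one, leaving
# every other directive untouched. The file is rewritten through a temp file
# with mode 600, since it now holds a secret.
set_requirepass() {
    conf=$1
    pass=$2
    tmp="$conf.tmp.$$"
    grep -v -E '^[[:space:]]*requirepass[[:space:]]' "$conf" > "$tmp" || true
    printf 'requirepass %s\n' "$pass" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# Print the password a config file sets (Redis honours the last directive), or
# nothing when the file sets none.
get_requirepass() {
    awk '$1 == "requirepass" { v = $2 } END { if (v != "") print v }' "$1"
}

# Map a PING reply to an authentication state. Interactive redis-cli prefixes
# errors with "(error) ", scripted output does not, so strip it first.
#   PONG       -> no password set, or this client already sent AUTH
#   NOAUTH     -> requirepass is set and AUTH has not been sent (the lab's error)
#   WRONGPASS  -> Redis 6+ rejected the password (older: "ERR invalid password")
classify_reply() {
    reply=${1#"(error) "}
    case "$reply" in
        PONG)                    echo authenticated ;;
        NOAUTH*)                 echo auth-required ;;
        WRONGPASS*)              echo bad-password ;;
        "ERR invalid password"*) echo bad-password ;;
        *)                       echo unknown ;;
    esac
}

# PING a live server and classify the reply. Put the password in REDISCLI_AUTH
# rather than on the command line with -a, where `ps` would show it to every
# local user. Connection failures land in the "unknown" bucket.
live_auth_state() {
    reply=$(redis-cli -h "${REDIS_HOST:-127.0.0.1}" -p "${REDIS_PORT:-6379}" ping 2>&1 || true)
    classify_reply "$reply"
}

# Demo on a constructed redis.conf (the stock file ships requirepass commented out).
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
bind 127.0.0.1
protected-mode yes
port 6379
# requirepass foobared
EOF
    pass=$(gen_redis_password)
    set_requirepass "$conf" "$pass"
    if [ "$(get_requirepass "$conf")" = "$pass" ]; then
        echo "requirepass persisted in $conf (${#pass} characters)"
    fi
    if command -v redis-cli >/dev/null 2>&1; then
        echo "live server state: $(live_auth_state)"
    fi
    rm -f "$conf"
}
demo
```

To check a real server, export REDISCLI_AUTH with the password and call live_auth_state; an "auth-required" result with the variable set means the running server and the config file disagree, which is exactly the state this lab leaves behind until CONFIG REWRITE or a restart with the edited redis.conf.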

Limiting Dangerous Commands

Redis offers many commands, but some are dangerous in the wrong hands: FLUSHALL and FLUSHDB erase data, CONFIG rewrites server settings at runtime, and DEBUG and SHUTDOWN can crash or stop the server. The rename-command directive that disables a command is read only from redis.conf at startup, so it cannot be applied with CONFIG SET inside this lab; on Redis 6 and later, ACLs (ACL SETUSER) can instead deny individual commands to a user at runtime. Here we demonstrate the concept of command security by showing how a dangerous command like FLUSHALL works and why it should be restricted in production environments.

  1. Connect to the Redis server using redis-cli:

    Open a terminal in the LabEx VM. The default directory is ~/project. Execute the following command:

    redis-cli
    

    You should see the 127.0.0.1:6379> prompt.

  2. Authenticate with the AUTH command:

    Authenticate using the AUTH command followed by your password:

    AUTH mysecretpassword
    

    You should see the OK output upon successful authentication.

  3. Create some test data to demonstrate the danger of FLUSHALL:

    SET testkey "important data"
    SET anotherkey "more important data"
    

    Both commands should return OK.

  4. Verify the data exists (KEYS * walks the entire keyspace in one blocking call, so it is itself a command to avoid on busy production servers; SCAN is the non-blocking alternative):

    KEYS *
    

    You should see both keys listed:

    1) "testkey"
    2) "anotherkey"
    
  5. Demonstrate the dangerous FLUSHALL command:

    Warning: This command will delete all data in all databases!

    FLUSHALL
    

    You should see:

    OK
    

    This command successfully deletes all data from all databases.

  6. Verify all data has been deleted:

    KEYS *
    

    You should see:

    (empty array)
    

    This demonstrates why FLUSHALL is considered dangerous and should be disabled in production by adding rename-command FLUSHALL "" to the redis.conf file and restarting the server; the same applies to FLUSHDB. Renaming a command to the empty string removes it entirely. Renaming it to a hard-to-guess name keeps it available to administrators but is not a security boundary on its own, since anyone who can read redis.conf learns the new name.

  7. Exit the redis-cli:

    Exit the redis-cli by typing exit or pressing Ctrl+D.

    exit
    
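The steps above show why FLUSHALL must be restricted but, because rename-command is a startup-only setting, cannot apply the fix inside the exercise. The following script is an added example rather than part of the original lab or the Redis project: it audits a redis.conf for a small set of commands a production server should not expose, prints the rename-command lines still missing, and prints the equivalent Redis 6+ ACL rule that can be applied at runtime. The command list, the sample config and the user name app are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the LabEx lab or the Redis project): audit a
# redis.conf for commands that should not be reachable on a production server,
# and print the directives that close the gaps. The command list, the sample
# config and the user name "app" are assumptions made for this example.
set -e

# Commands that let any authenticated client destroy data or damage the
# server: FLUSHALL/FLUSHDB erase keyspaces, CONFIG rewrites running settings
# (including where snapshots are written), DEBUG includes subcommands that
# crash the process on purpose, SHUTDOWN stops it, and KEYS blocks the server
# while it walks the whole keyspace.
DANGEROUS_COMMANDS="FLUSHALL FLUSHDB CONFIG DEBUG SHUTDOWN KEYS"

# Print each dangerous command that the config file neither disables
# (rename-command NAME "") nor renames. Command names are case-insensitive in
# Redis, so compare them upper-cased.
unrestricted_commands() {
    conf=$1
    for cmd in $DANGEROUS_COMMANDS; do
        if ! awk -v c="$cmd" '
                toupper($1) == "RENAME-COMMAND" && toupper($2) == c { found = 1 }
                END { exit !found }' "$conf"; then
            printf '%s\n' "$cmd"
        fi
    done
}

# redis.conf lines that remove every still-unrestricted command. Redis reads
# rename-command only at startup, so the server must be restarted afterwards,
# and tooling that relies on these commands (Sentinel, for example, needs
# CONFIG) must be told any new name.
rename_directives() {
    unrestricted_commands "$1" | while read -r cmd; do
        printf 'rename-command %s ""\n' "$cmd"
    done
}

# Redis 6+ alternative that needs no restart: keep the commands on the server
# but deny them to the application's ACL user. Rules apply left to right, so
# start from +@all and subtract. A real user also needs a password (>secret)
# and a key pattern (~app:*); those are left out here.
acl_rule() {
    rule="ACL SETUSER $1 on +@all"
    for cmd in $DANGEROUS_COMMANDS; do
        rule="$rule -$(printf '%s' "$cmd" | tr 'A-Z' 'a-z')"
    done
    printf '%s\n' "$rule"
}

# Demo on a constructed config that already disables FLUSHALL and renames
# CONFIG to an unguessable name.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
port 6379
requirepass ChangeMe
rename-command FLUSHALL ""
rename-command CONFIG b3a1_cfg_9f2e
EOF
    echo "still unrestricted: $(unrestricted_commands "$conf" | tr '\n' ' ')"
    echo "add to redis.conf, then restart:"
    rename_directives "$conf"
    echo "or, on Redis 6+, deny them to the application user at runtime:"
    acl_rule app
    rm -f "$conf"
}
demo
```

Run it against the real redis.conf with unrestricted_commands /etc/redis/redis.conf; an empty result means every listed command is already renamed or removed. Prefer the ACL route where the server version allows it, because it leaves the commands available to an admin user instead of hiding them behind a name that redis.conf reveals to anyone who can read it.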

Summary

In this lab, you have learned how to enhance Redis security. You set a password using CONFIG SET requirepass to prevent unauthorized access, learned how to authenticate using the AUTH command, and demonstrated the destructive nature of commands like FLUSHALL. Remember that CONFIG SET changes only the running server: persist the password with CONFIG REWRITE or by adding requirepass to redis.conf. In production environments, dangerous commands should be disabled by adding rename-command FLUSHALL "" to the redis.conf file and restarting the Redis server, or denied per user with ACLs on Redis 6 and later. These steps are a baseline for securing your Redis server, alongside binding it to a private interface and using TLS for connections that cross a network.