禁用Redis危险命令

前言

今天在开发时候使用Redis，在清空自己使用db的时候手贱把 flushdb 自动补全成了 flushall

一个回车下去就将Redis完全清空了！所幸是测试环境！并没有造成太大的影响，只是给各位开发的同事造成了一些困扰。

悄悄嘀咕一下，我才没有差点被打死，只是破费被宰了一顿。

事后我经过深刻检讨自我反省！翻阅文档找到了预防此类事情再一次发生的办法；特此记录：

在Redis的配置文件中找到 SECURITY 区域！

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared

# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

Note：根据说明我们添加一个 rename-command 来实现危险命令重命名或者禁用

禁用

rename-command KEYS ""

rename-command FLUSHALL ""

rename-command FLUSHDB ""

rename-command CONFIG ""
重命名

rename-command KEYS “骚年哟！吾王封印了 Keys 这个命令！去玩点别的吧”

rename-command FLUSHALL “混蛋！你想死啊！居然敢清空所有DB！你这是准备删库跑路了吗！”

rename-command FLUSHDB “立行禁止！”

rename-command CONFIG “本大爷的配置你也敢动？”

以上完毕！