翻墙被狗咬

Disabling Dangerous Redis Commands

Preface

While developing with Redis today, I went to clear the db I was using and carelessly let autocomplete turn flushdb into flushall.

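One press of Enter and Redis was wiped completely! Luckily it was the test environment! It did not do much damage; it only caused some trouble for my fellow developers.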

Just quietly: no, I did not almost get beaten to death. It only cost me a meal that I was made to pay for.

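Afterwards, following some serious self-reflection, I went through the documentation and found a way to keep this from happening again. I am recording it here: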


Find the SECURITY section in the Redis configuration file!

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared

# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

Note: following the instructions above, we add a rename-command directive to either rename a dangerous command or disable it.

  1. Disable

    rename-command KEYS ""

    rename-command FLUSHALL ""

    rename-command FLUSHDB ""

    rename-command CONFIG ""

  2. Rename

    rename-command KEYS "骚年哟!吾王封印了 Keys 这个命令!去玩点别的吧"

    rename-command FLUSHALL "混蛋!你想死啊!居然敢清空所有DB!你这是准备删库跑路了吗!"

    rename-command FLUSHDB "立行禁止!"

    rename-command CONFIG "本大爷的配置你也敢动?"

That's all!
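One way to check a redis.conf against the steps above, as an added example that is not part of the original post: it reports whether each of the four commands is still active, disabled, renamed, or written in a form that does not parse as `rename-command <old> <new>`. The function name, the sample configuration and every value in it are constructed for illustration.

```python
import shlex

# The four commands this post disables or renames.
DANGEROUS = ("KEYS", "FLUSHALL", "FLUSHDB", "CONFIG")

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = '''
# rename-command KEYS ""
requirepass "constructed-sample-password"
rename-command FLUSHALL ""
rename-command FLUSHDB "sample-flushdb-alias"
rename-command CONFIG “do not touch”
'''

def audit_rename_commands(conf_text, dangerous=DANGEROUS):
    """Map each dangerous command to active / disabled / renamed / invalid."""
    status = {cmd: "active" for cmd in dangerous}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or a directive that is still commented out
        words = line.split()
        if words[0].lower() != "rename-command" or len(words) < 2:
            continue
        old = words[1].strip("\"'").upper()
        if old not in status:
            continue
        try:
            # shlex approximates Redis's quoting rules: only straight quotes
            # group words, and "" yields an empty argument. Curly quotes are
            # ordinary characters, so a quoted phrase with spaces falls apart.
            args = shlex.split(line)
        except ValueError:  # unbalanced straight quote
            args = []
        if len(args) != 3 or status[old] != "active":
            # Wrong argument count, or the old name was already renamed away.
            status[old] = "invalid"
        elif args[2] == "":
            status[old] = "disabled"
        else:
            status[old] = "renamed"
    return status

if __name__ == "__main__":
    for cmd, state in audit_rename_commands(SAMPLE_CONF).items():
        print(f"{cmd:<9}{state}")
```

Anything reported as active can still be run by any client, and anything reported as invalid should be corrected before the server is restarted with that file.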