Support Redis AUTH command #46
Comments
|
@timiblossom redis_auth is merged in twemproxy now. |
|
Any news on this ? Looks like it's been dropped. What's the recommended way of ensuring security, then ? |
|
@punkeel we still wait for a patch from anybody. By the way, this is a very week security. It is better that you still protect both your application and dynomite/redis in a safe network that can't be reached by an outsider. |
|
Not fixing this unless a requirement arises again. |
|
I've implemented this, but i have one question. That's two steps:
The question is: |
|
I think requirepass is a conf directive, Did you change that. Also I am not sure what kind of security you get when you are actually sending the password as plain text on the wire. |
|
Hello, Looks like @lampmanyao has implemented the feature but i didn't find anything in documentation regarding it. Has it been implemented ? If so, i can run some tests and update doc if you want. :) |
|
Hi, @axelfauvel |
|
It would be great to have this feature |
|
Hi, @axelfauvel P.S. I have not test completely yet. I will test this as soon as I can. |
|
great @lampmanyao thanks ! Please keep me posted :) |
|
Hello @lampmanyao, Any news on this one ? :) |
|
Hi @axelfauvel , I'm sorry about. I'm working on my own project (an iOS Personal-VPN) all the spare time. I only did a few tests, but it works for me. |
|
Hi @lampmanyao : I've tried on my side and it works like a charm !! :) Could you please do the PR so it can be packaged in a future release ? If you have no time, I can also handle the PR, you tell me. In advance, thanks |
|
Hi @axelfauvel, It's nothing better than this if you do the PR. I really have no time. |
|
@axelfauvel have you done the PR? Can I pull this feature from master branch? |
|
Any update here? Will dynomite support Redis auth? |
|
The PR is still open here : #576 |
This commit is based on orange-cloudfoundry@7aa41a4 from @axelfauvel in Netflix#576 and tries to close Netflix#46. Unfortunatelly the initial commit was already so old and the dynomite code base already evolved, that it was easier to not jump directly on this. Especically as there were some refactorings requested. Redis Datastore Authentification If Dynomite is configured to require a password via config option `requirepass` the following behaviour will be applied: 1. On Dynomite startup, the server authenticates with the backend itself by calling the datastore agnostic function g_datastore_auth. 2. The corresponding Redis response will be handeled in g_is_authenticated. Dynomite will exit if authentification to the datatstore was not successful. 3. Each newly created client connection will require authentification. 4. Clients can authentificate itself by issue the AUTH command against dynomite. 5. Dynomite will check the password and simulate an AUTH response. 6. If AUTH was successful, the auth_required flag on the connection is reset and the client can process further commands through this connection.
cleaning storage utilities
This commit is based on orange-cloudfoundry@7aa41a4 from @axelfauvel in Netflix#576 and tries to close Netflix#46. Unfortunatelly the initial commit was already so old and the dynomite code base already evolved, that it was easier to not jump directly on this. Especically as there were some refactorings requested. Redis Datastore Authentification If Dynomite is configured to require a password via config option `requirepass` the following behaviour will be applied: 1. On Dynomite startup, the server authenticates with the backend itself by calling the datastore agnostic function g_datastore_auth. 2. The corresponding Redis response will be handeled in g_is_authenticated. Dynomite will exit if authentification to the datatstore was not successful. 3. Each newly created client connection will require authentification. 4. Clients can authentificate itself by issue the AUTH command against dynomite. 5. Dynomite will check the password and simulate an AUTH response. 6. If AUTH was successful, the auth_required flag on the connection is reset and the client can process further commands through this connection.
…t/682daa32a80396f9522c390d9ffff277df3bd953.patch by W. Qiu) This commit is based on orange-cloudfoundry@7aa41a4 from @axelfauvel in Netflix#576 and tries to close Netflix#46. Unfortunatelly the initial commit was already so old and the dynomite code base already evolved, that it was easier to not jump directly on this. Especically as there were some refactorings requested. Redis Datastore Authentification If Dynomite is configured to require a password via config option `requirepass` the following behaviour will be applied: 1. On Dynomite startup, the server authenticates with the backend itself by calling the datastore agnostic function g_datastore_auth. 2. The corresponding Redis response will be handeled in g_is_authenticated. Dynomite will exit if authentification to the datatstore was not successful. 3. Each newly created client connection will require authentification. 4. Clients can authentificate itself by issue the AUTH command against dynomite. 5. Dynomite will check the password and simulate an AUTH response. 6. If AUTH was successful, the auth_required flag on the connection is reset and the client can process further commands through this connection.
This commit is based on orange-cloudfoundry@7aa41a4 from @axelfauvel in Netflix#576 and tries to close Netflix#46. Unfortunatelly the initial commit was already so old and the dynomite code base already evolved, that it was easier to not jump directly on this. Especically as there were some refactorings requested. Redis Datastore Authentification If Dynomite is configured to require a password via config option `requirepass` the following behaviour will be applied: 1. On Dynomite startup, the server authenticates with the backend itself by calling the datastore agnostic function g_datastore_auth. 2. The corresponding Redis response will be handeled in g_is_authenticated. Dynomite will exit if authentification to the datatstore was not successful. 3. Each newly created client connection will require authentification. 4. Clients can authentificate itself by issue the AUTH command against dynomite. 5. Dynomite will check the password and simulate an AUTH response. 6. If AUTH was successful, the auth_required flag on the connection is reset and the client can process further commands through this connection.
Suggested by @koenvandesande to port over Redis AUTH cmd support in twemproxy:
twitter/twemproxy@878822b
This patch looks good, but need some time to merge and test.
The text was updated successfully, but these errors were encountered: