Hacker News new | past | comments | ask | show | jobs | submit login

Redis safe mode introduced in 3.2 reduced the problem but still folks actively misconfigure Redis before putting it in a public IP... Now there are ACLs in Redis 6 that will mitigate this even more, but it's a lost game, because images are created with installations of Redis that are made completely accessible on purpose.



Oh not blaming Redis in the slightest. Its one of my all time fav tools. Things are only secure as ppl configure them.

I don't even want to know how many elasticache Redis servers data are just unsecured on a public IP because it's so easy to configure that way.


^^^ this exactly.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: