I’ve been using Redis lately on one of my side projects, but I keep finding myself limited by the lack of SSL encryption. Redis a distributed memory cache is a newer service that at this time does not support SSL connections. There are many commonly used services that either do not support SSL encryption or that option is rarely used. These attackers can often be quite crafty on the ways they get this data, many times they do it by gaining access to a database but another common place to capture and steal data is through unencrypted network traffic. With more and more internet based services becoming part of peoples lives, there is even more targets for attackers who are looking to get sensitive data. In the past these types of attacks still happened, but there was not as many attacks as today and when they happened they were kept secret. Sometimes these data breaches have allowed attackers to gather unencrypted passwords or credit card numbers. Lately if you have been paying attention to tech or even mainstream media you might have seen a few stories about data breaches. The following post had originally appeared on Benjamin Cane’s Blog on February 18th, 2014 at Sending redis traffic through an SSL tunnel with stunnel. Naturally, this is the Do-It-Yourself hardcore approach, so if you want to have Redis and SSL without the heavy lifting, check out our plans and Redis clients that natively support SSL.
#Aws stunnel how to
The following article explains how to set up a secure (read authenticated and encrypted) communication channel between your Redis client and server using stunnel. There are several ways you could go about that, such as firewalling your Redis or using spiped, but (post- Heartbleed) SSL is still one of my favorites.
the AUTH command) only gets you so far and in some cases you need something a little stronger. What do you do if you want to secure access to your Redis? Plain password authentication (i.e. Securing Redis Client and Server with Stunnel
0 kommentar(er)
