@@ -96,11 +96,11 @@ for two reasons:
96
96
97
97
The goal of the authentication layer is to optionally provide a layer of
98
98
redundancy. If firewalling or any other system implemented to protect Redis
99
- from external attackers fail , an external client will still not be able to
99
+ from external attackers fails , an external client will still not be able to
100
100
access the Redis instance without knowledge of the authentication password.
101
101
102
102
Since the [ ` AUTH ` ] ( /commands/auth ) command, like every other Redis command, is sent unencrypted, it
103
- does not protect against an attacker that has enough access to the network to
103
+ does not protect against an attacker who has enough access to the network to
104
104
perform eavesdropping.
105
105
106
106
## TLS support
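Review bot: The context sentence at new line 102 still says `AUTH`, "like every other Redis command, is sent unencrypted", with no qualification, yet the very next section is "## TLS support". While this paragraph is being touched, consider qualifying the claim (for example "is sent unencrypted unless TLS is enabled") or pointing to the TLS section, so readers do not conclude the password is always exposed on the wire. The two grammar changes themselves ("fails", "who") look fine.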
@@ -110,6 +110,11 @@ client connections, replication links, and the Redis Cluster bus protocol.
110
110
111
111
## Disallowing specific commands
112
112
113
+ {{< warning >}}
114
+ The method is no longer recommended and may be deprecated in future versions.
115
+ Instead, you should use ACL rules to disallow specific commands.
116
+ {{< /warning >}}
117
+
113
118
It is possible to disallow commands in Redis or to rename them as an unguessable
114
119
name, so that normal clients are limited to a specified set of commands.
115
120
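Review bot: In the added warning (new lines 113-116), "The method" has no antecedent, because the warning sits above the paragraph that first describes disallowing or renaming commands. Name it explicitly, for example "Disallowing or renaming commands as described below is no longer recommended". The warning also tells readers to "use ACL rules" without linking to the ACL documentation; a link in the same style as the existing `[AUTH](/commands/auth)` reference would make the recommendation actionable. "May be deprecated in future versions" is also vague; if a deprecation decision exists, state it, otherwise drop the speculation.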
@@ -137,7 +142,7 @@ algorithm complexity on data structures implemented inside Redis internals.
137
142
An attacker could supply, via a web form, a set of strings that
138
143
are known to hash to the same bucket in a hash table in order to turn the
139
144
O(1) expected time (the average time) to the O(N) worst case. This can consume more
140
- CPU than expected and ultimately cause a Denial of Service.
145
+ CPU than expected and ultimately causes a Denial of Service.
141
146
142
147
To prevent this specific attack, Redis uses a per-execution, pseudo-random
143
148
seed to the hash function.
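Review bot: The change at new line 145 from "cause" to "causes" introduces a grammar error rather than fixing one. The verb is governed by the modal in "This can consume more CPU than expected and ultimately cause a Denial of Service", so the bare form "cause" was correct. Please revert this line.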