Commit 6aa21a4

Add future deprecation warning to rename-command
1 parent 1384274 commit 6aa21a4

1 file changed

+8
-3
lines changed
content/operate/oss_and_stack/management/security/_index.md

Lines changed: 8 additions & 3 deletions
@@ -96,11 +96,11 @@ for two reasons:
9696

9797
The goal of the authentication layer is to optionally provide a layer of
9898
redundancy. If firewalling or any other system implemented to protect Redis
99-
from external attackers fail, an external client will still not be able to
99+
from external attackers fails, an external client will still not be able to
100100
access the Redis instance without knowledge of the authentication password.
101101

102102
Since the [`AUTH`](/commands/auth) command, like every other Redis command, is sent unencrypted, it
103-
does not protect against an attacker that has enough access to the network to
103+
does not protect against an attacker who has enough access to the network to
104104
perform eavesdropping.
105105

106106
## TLS support
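Review bot: The `AUTH` sentence at new lines 102-104 still says the command, "like every other Redis command, is sent unencrypted" without qualification, although the section that follows immediately is "TLS support". Since this sentence is being edited anyway, consider qualifying it (for example "is sent unencrypted unless TLS is enabled") and pointing to that section, so readers do not conclude that eavesdropping on the password cannot be mitigated. The two grammar fixes ("fails", "who") read correctly, but they are not covered by the commit title, which mentions only the rename-command warning; a line in the commit message would help anyone bisecting doc changes later.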
@@ -110,6 +110,11 @@ client connections, replication links, and the Redis Cluster bus protocol.
110110

111111
## Disallowing specific commands
112112

113+
{{< warning >}}
114+
The method is no longer recommended and may be deprecated in future versions.
115+
Instead, you should use ACL rules to disallow specific commands.
116+
{{< /warning >}}
117+
113118
It is possible to disallow commands in Redis or to rename them as an unguessable
114119
name, so that normal clients are limited to a specified set of commands.
115120

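Review bot: The warning at new lines 113-116 opens with "The method is no longer recommended", but it is placed before the paragraph that introduces disallowing and renaming commands, so "The method" has no antecedent when read top to bottom. Name the feature in the warning itself (the commit title calls it rename-command), for example "Disallowing or renaming commands with `rename-command` is no longer recommended". The second sentence tells readers to "use ACL rules" but gives no link; adding a link to the ACL documentation, in the same style as the `AUTH` link earlier in the file, would give operators a migration path instead of only a deprecation notice.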
@@ -137,7 +142,7 @@ algorithm complexity on data structures implemented inside Redis internals.
137142
An attacker could supply, via a web form, a set of strings that
138143
are known to hash to the same bucket in a hash table in order to turn the
139144
O(1) expected time (the average time) to the O(N) worst case. This can consume more
140-
CPU than expected and ultimately cause a Denial of Service.
145+
CPU than expected and ultimately causes a Denial of Service.
141146

142147
To prevent this specific attack, Redis uses a per-execution, pseudo-random
143148
seed to the hash function.
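Review bot: The change at new line 145 from "cause" to "causes" breaks the sentence: in "This can consume more CPU than expected and ultimately cause a Denial of Service", both verbs depend on "can", so the original "cause" was correct. Suggest reverting this line. It is also unrelated to the rename-command warning named in the commit title.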
