我有两台运行redis的服务器,一台是在VM中开箱即用的,一台是带有redis 2.2.12的旧Ubuntu(12.04),我用redis 2.8.19自己配置的新服务器,一个centos 7.我有一个带有redis的django应用程序在带有Client sent AUTH, but no password is set的centos服务器中失败,如果我转到redis-cli,我使用AUTH <anything>它会响应我同样的错误,这是好的然而,在ubuntu服务器中,如果我使用随机密码做同样的事情,它会说OK。这怎么可能?
在redis.conf文件中,都没有配置任何服务器进行身份验证。
答案 0 :(得分:0)
来自redis.conf:
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
因此,除非您设置requirepass,否则redis将接受任何未经身份验证的命令。