日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 运维知识 > 数据库 >内容正文

数据库

Redis禁用危险命令

發布時間:2025/3/15 数据库 24 豆豆
生活随笔 收集整理的這篇文章主要介紹了 Redis禁用危险命令 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

一: Redis線上不能使用危險的命令

1:keys *

雖然其模糊匹配功能使用非常方便也很強大,在小數據量情況下使用沒什么問題,數據量大會導致 Redis 鎖住及 CPU 飆升,在生產環境建議禁用或者重命名!

2:flushdb

刪除 Redis 中當前所在數據庫中的所有記錄,并且此命令從不會執行失敗

3:flushall

刪除 Redis 中所有數據庫中的所有記錄,不只是當前所在數據庫,并且此命令從不會執行失敗。

4:config

客戶端可修改 Redis 配置。

二:如何禁用或者重命名危險命令

1:看下 redis.conf 默認配置文件,找到 SECURITY 區域,如以下所示:

################################## SECURITY #################################### Require clients to issue AUTH <PASSWORD> before processing any other # commands. This might be useful in environments in which you do not trust # others with access to the host running redis-server. # # This should stay commented out for backward compatibility and because most # people do not need auth (e.g. they run their own servers). # # Warning: since Redis is pretty fast an outside user can try up to # 150k passwords per second against a good box. This means that you should # use a very strong password otherwise it will be very easy to break. # # requirepass foobared# Command renaming. # # It is possible to change the name of dangerous commands in a shared # environment. For instance the CONFIG command may be renamed into something # hard to guess so that it will still be available for internal-use tools # but not available for general clients. # # Example: # # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 # # It is also possible to completely kill a command by renaming it into # an empty string: # # rename-command CONFIG "" # # Please note that changing the name of commands that are logged into the # AOF file or transmitted to slaves may cause problems.

看說明,添加 rename-command 配置即可達到安全目的。

2:禁用命令

rename-command KEYS "" rename-command FLUSHALL "" rename-command FLUSHDB "" rename-command CONFIG ""

3:重命名命令

rename-command KEYS "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command FLUSHALL "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command FLUSHDB "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" rename-command CONFIG "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

上面的 XX 可以定義新命令名稱,或者用隨機字符代替。
經過以上的設置之后,危險命令就不會被客戶端執行了

新人創作打卡挑戰賽發博客就能抽獎!定制產品紅包拿不停!

總結

以上是生活随笔為你收集整理的Redis禁用危险命令的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。