Redis driver does not authenticate if connecting through UNIX socket (path) #730
Description
Configuration
-
PhpFastCache version:
8.0 -
PhpFastCache API version:
3.0 -
PHP version:
7.4 -
Operating system:
N/A
Describe the bug
The offending code is in /lib/Phpfastcache/Drivers/Redis/Driver.php starting on line 110
if (!$this->getConfig()->getPath()) {
if ($this->getConfig()->getPassword() && !$this->instance->auth($this->getConfig()->getPassword())) {
return false;
}
}The issue is that phpfastcache doesn't even try to authenticate with the password if connecting through UNIX socket. Redis allows passwords if connecting through a socket.
Of course on some security minded installations passwords will be in use despite the internal connection method. This would be a layer of security protecting Redis from rogue users or malware on the internal system.
Solution
I removed the if (!$this->getConfig()->getPath()) { check and redis connects as expected.
I think removing this check will allow the program to work as expected without unintended consequences. Please let me know if you'd like a PR.
Steps to reproduce
- Run your Redis instance through a UNIX socket
- Set a password in Redis
- Try to connect the driver in PHPFastCache using this code:
use Phpfastcache\CacheManager;
use Phpfastcache\Drivers\Redis\Config as RedisConfig;
$config = new RedisConfig();
$config->setPath("/path/to/socket.sock");
$config->setPassword("super_secret_password");
$cacheinstance = CacheManager::getInstance('redis', $config);