I prefer IP binding instead of/in addition to requirepass to keep my instances off the Internet at large. However, enabling replication necessitates unbinding from localhost. Thus I think it would be best to allow binding to a list of IPs. I'm agnostic over whether this would be best specified via comma-delimited IPs or multiple bind directives.
+1 on this.
I've been exploring Redis as a potential security penetration vector and in a single day I've found >30 internet-facing servers running Redis on the standard port, including two very large and well known sites (both of which have been contacted about the issue).
People should be highly encouraged to specify a bind address and an AUTH key. It may even be prudent to make binding to a set of IPs mandatory, thus preventing the global-bind issue.
+1 from my side as well.
We have webclusters with multiple network-interfaces, one facing to the internet and one facing to the inner side. And I don't want to listen at all on the outside interface. But on localhost and the inner side. I think multiple bind-statements would be a good solution.
+1 on this
Another +1. I think it'll take Redis far.
Accepted and scheduled for 2.8. Thanks
You're the best!
@antirez It's been a while since I wrote C, but given enough time, I'd be willing to take a crack at a pull request here, if that was useful. (No worries if you'd prefer to handle it yourself!)
Would you want this implemented as multiple calls to bind(), or a single bind (to 0.0.0.0) with some sort of access control?
I think this is somewhat related to #551