-
Notifications
You must be signed in to change notification settings - Fork 488
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redis authentication support #11
Conversation
+1 this is super necessary. |
Thoughts about just passing in the clients that you call .auth on yourself? |
I want to avoid adding every single option redis could take. |
Understood, but from my point of view this is a fairly small change looking at the PR above, but saves a lot of time for anyone using this in a production instance, because essentially all redis production instances should be behind auth. I agree that not all options should be supported, but I feel that this one is a must. |
What tjsail33 said. +1 |
I think with all the script kiddies out there trying to get into our remote machines having an auth option encourages people to think about more auth, and that's a good thing, so I'm +1ing this |
On the surface it looks like a simple, 3 line patch, no-brainer to add. Enhances security and a clear developer need. But in reality, it makes a crucial error handling decision on behalf of the user. In this case you decide to throw an uncatchable exception that could bring down the process when authentication fails. This might be ok in many scenarios, but some users might want to catch that and handle it in a particular way… It's hard to encode all these scenarios into options passed in a hash. Now we need I think creating the redis clients on behalf of the user is already a mistake though. I did it in the interest of usability, but I'm considering removing it now. |
i'm very intersted in the socket.io adapter and I'm wondering how it would work without creating a client on behalf of the user. So you would pass in a connection object instead? |
Yep you can already do that by supplying |
Something we could do is expose the clients we create on behalf of the user as part of the adapter properties, pass along the |
I think just passing in clients is the way to go, instead of creating them for the user. I say that because some users already use the redis clients for other things too. |
How would I pass in the client? is there a sample you can show me? my redis server is remote and needs authentication. |
Here's how I do it:
OR
Finally,
|
@shantanuthatte thanks! |
+1 need this ! |
Please look at how @shantanuthatte did it. |
Support for authentication with Redis support with 'requirepass' set.