diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-10-30 20:19:23 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-10-30 20:19:23 +0100 |
| commit | 78cad94ff4676ef401d2a75c8448f3726deefd18 (patch) | |
| tree | 670e3c8bc3e6a3fc6476786ae6f9702f58decabe /lib | |
| parent | 6911d8f0a4e688f3c84f2dd117424f887820750a (diff) | |
| download | nextcloud-server-78cad94ff4676ef401d2a75c8448f3726deefd18.tar.gz nextcloud-server-78cad94ff4676ef401d2a75c8448f3726deefd18.zip | |
Add support for Redis password auth
For enhanced security it is recommended to configure Redis to only accept connections with a password. (http://redis.io/topics/security)
This is especially critical since Redis supports the LUA scripting language and thus a simple SSRF vulnerability (as proven in http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ for example) may lead to a remote code execution.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/memcache/redis.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/memcache/redis.php b/lib/private/memcache/redis.php index 21477798059..83be662eabf 100644 --- a/lib/private/memcache/redis.php +++ b/lib/private/memcache/redis.php @@ -56,6 +56,9 @@ class Redis extends Cache implements IMemcache { } self::$cache->connect($host, $port, $timeout); + if(isset($config['password']) && $config['password'] !== '') { + self::$cache->auth($config['password']); + } if (isset($config['dbindex'])) { self::$cache->select($config['dbindex']); |