If you are using Redis, it's worth going over the sample configuration to see what can and can't be done. However, there are 3 settings in particular almost every production deployment of Redis should use:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""
The above disables three powerful and dangerous commands. You could take it a step further and disable other questionable commands, like KEYS, DEBUG SEGFAULT and SAVE.
If for some reason you need access to these commands in production, you can rename them to reduce the chance of accidentally typing them:
rename-command FLUSHDB FLUSHDB_ASD830KLKSADA
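To check an existing redis.conf against the settings above, the following added example (not part of the original post) reports whether each command named here is disabled, renamed, or still exposed. The function name audit_rename_commands and the sample configuration are constructed for illustration.

```python
import shlex

# Commands the post names as dangerous or questionable.
# DEBUG SEGFAULT is a subcommand, so the directive applies to DEBUG as a whole.
WATCHED = ("FLUSHDB", "FLUSHALL", "CONFIG", "KEYS", "DEBUG", "SAVE")


def audit_rename_commands(conf_text, watched=WATCHED):
    """Return {command: status}; status is 'disabled', 'renamed' or 'exposed'."""
    status = {cmd: "exposed" for cmd in watched}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        try:
            parts = shlex.split(line)  # keeps the quoted empty string "" as ''
        except ValueError:
            continue  # unbalanced quotes: not a directive we can evaluate
        if len(parts) != 3 or parts[0].lower() != "rename-command":
            continue
        original, new_name = parts[1].upper(), parts[2]
        if original not in status:
            continue
        if new_name == "":
            status[original] = "disabled"
        elif new_name.upper() == original:
            status[original] = "exposed"  # renamed to itself: no protection
        else:
            status[original] = "renamed"
    return status


# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONF = '''
# production overrides
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command config ""
rename-command KEYS KEYS_ASD830KLKSADA
# rename-command SAVE ""
'''

if __name__ == "__main__":
    for cmd, state in audit_rename_commands(SAMPLE_CONF).items():
        print(f"{cmd:<9} {state}")
```

Any command reported as exposed can still be called under its original name by every client that can reach the server.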