search

taoensso / carmine

Redis client + message queue for Clojure
https://www.taoensso.com/carmine
Eclipse Public License 1.0
1.16k stars 131 forks source link

Please add SSL support for Redis connection ? #151

Closed eencdl closed 8 years ago

eencdl commented 8 years ago

In redis python client, there is a SSL option in redis.StrictRedis(host="remote_url",port=6379, db=0, ssl=True), which allow SSL connection to the redis server.

ptaoussanis commented 8 years ago

Hi there, I'm not sure I understand- why would you want an SSL connection to a Redis server?

Actually, I don't believe Redis supports SSL anyway - but maybe I'm misunderstanding what you have in mind?

eencdl commented 8 years ago

Hi there, It is more secure to access Redis via SSL especially if it is a remote Redis Server.You are right, Redis does not support SSL natively, but SSL can be introduced by the server via setting up stunnel. Here is more information: https://redislabs.com/blog/secure-redis-ssl-added-to-redsmin-and-clients#.VnOSBBorJR0 I originally use carmine but had to choose Jedis since Carmine does not support it. ThanksDon

Date: Thu, 17 Dec 2015 18:06:32 -0800 From: notifications@github.com To: carmine@noreply.github.com CC: eencdl@hotmail.com Subject: Re: [carmine] Please add SSL support for Redis connection ? (#151)

Hi there, I'm not sure I understand- why would you want an SSL connection to a Redis server?

Actually, I don't believe Redis supports SSL anyway - but maybe I'm misunderstanding what you have in mind?

— Reply to this email directly or view it on GitHub.

ptaoussanis commented 8 years ago

Hi there,

So a few observations:

  1. For security, the normal recommendation is against directly accessing a remote Redis server.
  2. If you do / need to for whatever reason, the normal recommendation is to use a tunnel.
  3. In that case, I'd recommend using a standard tunnel rather than trying to cram the SSL support into a Redis client.

As an aside: not sure why one would need/want something like a Redis cloud service - but if you're forced to use one for whatever reason, I'd still be skeptical of the approach they seem to be advocating here, sorry.

Trying to bring SSL support into a Redis client seems like it'd offer dubious value at the cost of complexity, possible security issues, and encouraging behaviour that I think should probably be discouraged.

Again, sorry I couldn't be of more help - it's quite possible I'm misunderstanding their motivation or approach here.

eencdl commented 8 years ago

Hi Peter, Remote redis server is useful when there are multiple webserver sharing cached data, (3) is not convenient solution in our case since we deploy our code to STORM. That's fine, I am happy to use and advocate Jedis rather than Carmine, since Jedis solves my issues nicely. Thanks for looking into the issue and quick response. Date: Thu, 17 Dec 2015 23:04:56 -0800 From: notifications@github.com To: carmine@noreply.github.com CC: eencdl@hotmail.com Subject: Re: [carmine] Please add SSL support for Redis connection ? (#151)

Hi there,

So a few observations:

  1. For security, the normal recommendation is against directly accessing a remote Redis server.
  2. If you do / need to for whatever reason, the normal recommendation is to use a tunnel.
  3. In that case, I'd recommend using a standard tunnel rather than trying to cram the SSL support into a Redis client.

As an aside: not sure why one would need/want something like a Redis cloud service - but if you're forced to use it for whatever reason, I'd still be skeptical of the approach they seem to be advocating here, sorry.

Trying to bring SSL support into a Redis client seems like it'd offer dubious value at the cost of complexity, possible security issues, and encouraging behaviour that I think should probably be discouraged.

Again, sorry I couldn't be of more help - it's quite possible I'm misunderstanding their motivation or approach here.

— Reply to this email directly or view it on GitHub.

ptaoussanis commented 8 years ago

No problem :-) Best of luck with your project!