
Okay, let's be fair, and I'm sure you realize this: having network ACLs that prevent unauthorized access is absolutely a good idea. "Internal networks" are not dead - they've become more advanced with "VPC" services and software defined networking.

Tunnelling Redis protocol over mutual TLS or something like that sounds like a good idea, but I don't think I've seen anyone doing that :(

Frankly, I would love it if there were a simple, open standard for authentication so every database didn't have to redo it. Maybe mutual TLS is that answer, though traditionally getting the infrastructure for that correct has been difficult.



> I would love it if there were a simple, open standard for authentication so every database didn't have to redo it

There is: https://en.wikipedia.org/wiki/Simple_Authentication_and_Secu...


I've only ever seen it used with IRC but this most certainly is the closest thing. Guess I hope for more adoption in the future.


SASL is also used with Dovecot/Postfix for example.


Because if you make any mistake at all, Redis will allow you shell access to the machine. This is not a theoretical attack; antirez tells you how to do it in his blog post.

And as you said, nobody bothers to tunnel with TLS. You're lucky if they even use a password.


Yeah, exactly, which is why, ideally, the container or box running Redis:

- Has practically nothing other than Redis on it.

- Has Redis running with minimal permissions and capabilities.

- Has no ability to make outgoing connections.

Which I'd say is vital security practice for anything running in production.

Few people will bother with TLS, and you can see that based on the fact that I don't think cloud providers generally support it, but I personally did do this with stunnel at one time. Apparently Redis now recommends spiped, which looks good to me.
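As an added example (not code from anyone in this thread) of the "any mistake at all" point above: a small audit script that reads a redis.conf and flags the settings most often left at permissive defaults. The directive names (`bind`, `protected-mode`, `requirepass`, `rename-command`) are real Redis options; the set of commands it expects to be disabled and the two sample configs are my own constructed choices, and it says nothing about the network ACL layer, which is checked elsewhere.

```python
"""Audit a redis.conf for settings that let a network slip become host access.

Added example, not from the thread. The sample configs below are constructed.
"""
import shlex

# Assumption: admin-only commands a single-purpose Redis box can live without.
# Redis lets you disable a command with:  rename-command <CMD> ""
DISABLE_COMMANDS = {"CONFIG", "DEBUG", "SLAVEOF", "REPLICAOF", "MODULE"}

WEAK_CONF = """
# constructed sample: what many images ship with
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """
# constructed sample: loopback only, password, admin commands disabled
bind 127.0.0.1
protected-mode yes
requirepass "REPLACE_WITH_LONG_RANDOM_SECRET"
rename-command CONFIG ""
rename-command DEBUG ""
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
"""

def parse_conf(text):
    """Map directive -> list of argument lists (rename-command may repeat)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)            # handles Redis' "" quoting
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing flagged."""
    conf = parse_conf(text)
    findings = []
    binds = conf.get("bind", [[]])[-1]       # no bind => all interfaces
    if not binds or any(a in ("0.0.0.0", "*", "::") for a in binds):
        findings.append("bind: listens on all interfaces; bind to loopback or the VPC address")
    if conf.get("protected-mode", [["yes"]])[-1] == ["no"]:
        findings.append("protected-mode: disabled")
    pw = conf.get("requirepass", [[]])[-1]
    if not pw or not pw[0]:
        findings.append("requirepass: no password set")
    disabled = {a[0].upper() for a in conf.get("rename-command", []) if len(a) >= 2 and a[1] == ""}
    for cmd in sorted(DISABLE_COMMANDS - disabled):
        findings.append(f"rename-command: {cmd} still reachable by any client")
    return findings
```

Run `audit(open("/etc/redis/redis.conf").read())` against a real file; the weak sample yields eight findings and the hardened one none.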



