[Pkg-owncloud-commits] [owncloud] 15/107: Add support for Redis password auth
David Prévot
taffit at moszumanska.debian.org
Thu Dec 17 19:40:31 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch stable8
in repository owncloud.
commit a57f153ad78a82c815d3789357f43053f23a42ce
Author: Lukas Reschke <lukas at owncloud.com>
Date: Fri Oct 30 20:19:23 2015 +0100
Add support for Redis password auth
For enhanced security it is recommended to configure Redis to only accept connections with a password. (http://redis.io/topics/security)
This is especially critical since Redis supports the LUA scripting language and thus a simple SSRF vulnerability (as proven in http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ for example) may lead to a remote code execution.
---
config/config.sample.php | 5 +++++
lib/private/memcache/redis.php | 3 +++
2 files changed, 8 insertions(+)
diff --git a/config/config.sample.php b/config/config.sample.php
index 288e3a0..02e5aba 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -879,11 +879,16 @@ $CONFIG = array(
/**
* Connection details for redis to use for memory caching.
+ *
+ * For enhanced security it is recommended to configure Redis
+ * to require a password. See http://redis.io/topics/security
+ * for more information.
*/
'redis' => array(
'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock'
'port' => 6379,
'timeout' => 0.0,
+ 'password' => '', // Optional, if not defined no password will be used.
'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index.
),
diff --git a/lib/private/memcache/redis.php b/lib/private/memcache/redis.php
index 2147779..83be662 100644
--- a/lib/private/memcache/redis.php
+++ b/lib/private/memcache/redis.php
@@ -56,6 +56,9 @@ class Redis extends Cache implements IMemcache {
}
self::$cache->connect($host, $port, $timeout);
+ if(isset($config['password']) && $config['password'] !== '') {
+ self::$cache->auth($config['password']);
+ }
if (isset($config['dbindex'])) {
self::$cache->select($config['dbindex']);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list