How to Authenticate with Cyclone and Redis

953 views Asked by At

I am using the redis client for cyclone.

It's great the you can connect to a server with out a password but how can I connect to redis with a password? How do I modify the below code to authenticate?

t = cyclone.redis.lazyConnectionPool(host,port,db)

@cyclone.web.asynchronous
def on_finish(self):

    t = yield tt.multi()
    yield t.set('key', 'value')
    r = yield t.commit()
    print "commit=", repr(r)

Thanks

2

There are 2 answers

1
Not_a_Golfer On

the cyclone redis client has an auth method that you can send a password to, having set that password in redis.conf

def auth(self, password):
    """
    Simple password authentication if enabled
    """
    return self.execute_command("AUTH", password)

But be very careful before using redis auth. it's not really considered secure (by design) and should mostly be used just to protect instances against configuration errors causing a client to connect to the wrong database, not as a security method.

from the redis config doc:

# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
0
fiorix On

The redis driver in cyclone is txredisapi, and it does support authentication (amongst many other things). It is mentioned here: https://github.com/fiorix/txredisapi/blob/master/README.md#authentication

However, it does not play well with auto-reconnection, because authentication is not implemented in the Connection method. That means it wouldn't re-authenticate automatically after a reconnection.

It could be implemented, but people doesn't seem to use it.