Provide an option to disable certain risky Redis commands
As discussed in https://redis.io/topics/security, it is considered good practice to rename or remove certain commands from a Redis cluster.
This should be done for security reasons, but also for availability.
For example, if an application developer accidentally delivers a change which issues a KEYS command, or if the KEYS command is issued from a rogue script, it could bring down the Redis cluster.
There are recorded incidents of this happening on GitLab in the past.
This can be prevented by renaming the command to a random hex string which is then kept secret.
We should allow this option of renaming KEYS in Redis. It would be better if we did this by default, using a randomly generated string.
cc @estrike
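As an added example, not GitLab's or Redis's own code, here is a POSIX shell script that produces the `rename-command` directives the issue describes: each risky command gets a fresh 32-character hex name, and the resulting file is made owner-readable only so the names stay secret. The list of commands beyond KEYS and the output path are assumptions.

```shell
#!/bin/sh
# Added example (not GitLab's or Redis's code): generate a redis.conf
# fragment that hides risky commands behind random hex names.
# The command list and the output path are assumptions for illustration.

# Commands to rename. KEYS is the one from the issue; the others are the
# usual hardening candidates. Renaming commands that are written to the
# AOF or sent to replicas can break replay, so keep this list to read-only
# and admin commands.
RISKY_COMMANDS="KEYS FLUSHALL FLUSHDB CONFIG DEBUG"

# One rename-command directive. $1 = original name, $2 = new name.
# An empty new name disables the command entirely.
rename_directive() {
    printf 'rename-command %s "%s"\n' "$1" "$2"
}

# 32 lowercase hex characters from 16 bytes of /dev/urandom.
random_hex_name() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the directives to $1 (mode 0600) and echo the mapping so the
# operator can record the new names in a secret store.
write_rename_config() {
    out="$1"
    : > "$out" || return 1
    chmod 600 "$out" || return 1
    for cmd in $RISKY_COMMANDS; do
        name=$(random_hex_name)
        rename_directive "$cmd" "$name" >> "$out"
        echo "$cmd -> $name"
    done
}

# Number of rename-command lines in a config file, as a sanity check.
count_renames() {
    grep -c '^rename-command ' "$1"
}

# Usage (path is an assumption):
#   write_rename_config /etc/redis/rename-commands.conf
# then add "include /etc/redis/rename-commands.conf" to redis.conf and
# restart Redis. Every node in the cluster must use the same renamed
# names, and any client that legitimately needs KEYS must be given the
# new name; everything else now gets "unknown command".
```

Redis only reads `rename-command` at startup, so the fragment has to be in place before the server starts, and the same file must be deployed to every node. On Redis 6 and later, ACL rules such as `-keys` on the application user are the supported alternative to renaming and avoid the AOF and replication caveat above.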