tl;dr: @antirez just modified the default redis.conf so that it does not bind to the world. In a tradeoff between first-user experience and security, secure-by-default is the way to go.
Just a heads up: when you are freshly installing/configuring Redis from source, be sure to comment out "bind 127.0.0.1" if you wish to access Redis from other servers. (Some distributions, such as Debian/Ubuntu, change the default to bind to localhost only.)
Hopefully this change will minimize exposed Redis boxes with minimal impact. (note, memcache is open to the world by default as well.)
2 comments
[ 3.0 ms ] story [ 14.3 ms ] threadJust a heads up: when you are freshly installing/configuring Redis from source, be sure to comment out "bind 127.0.0.1" if you wish to access Redis from other servers. (Some distributions, such as Debian/Ubuntu, change the default to bind to localhost only.)
Hopefully this change will minimize exposed Redis boxes with minimal impact. (note, memcache is open to the world by default as well.)