-
-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nudge towards better prefixes #225
Comments
Well considering that some users and/or hosters are using one Redis instance to host many sites the prefix or salt is also a security measure to prevent one site from reading from another. Sure there is ACL but this feature is too new to be widely adopted. We should definitely nudge users if they use problematic characters but the length should not be a concern in my opinion. |
For the record: Long prefixes provide ZERO security. To isolate customer data, each customer must have it's own Redis instance, or Redis 6 ACLs must be used. Should we not discourage this behavior? |
As I just run into the issue myself of conflicting prefixes, why not by default use the database name as prefix? This will ensure its always unique, at least on the same server and prevent conflicts when on a shared hosting people install the plugin and don't change the settings |
@ThaDaVos: That was discussed a few times. There is no way to technically accomplish this reliably inside the plugin. It has to be done by the user. |
Uhm... Using the database name can't reliably be done? |
The "salt" as "prefix" is a misleading naming convention. I keep seeing prefixes that are ridiculously long and contain all the characters.
Let's nudge users towards a cleaner prefix setup with examples in the UI, if theirs is quite long and contains many special characters.
rIT<~s5f$+w]!s&HL5tlGw|gLe13*/rGo= |u3!izQCQyx|VBeB5hw&#ZD,6GtaI
=>mysite:
The text was updated successfully, but these errors were encountered: