Redis in Laravel - password protection

If redis is running on the same server as your laravel code - you're probably better making it bind to 127.0.0.1 only, if it isn't already.

Using the password is (afair) mostly there if you end up having to expose redis to the internet - which is generally a Bad Idea(tm).

Interesting. I am using Redis version where binding to localhost is enabled already by default. But I must say, I did not know, that it makes password unnecessary.

Thank you for pointing this for me. I still need to do more reading on this. Thanks again.

@ohffs How would you deploy Redis in production?

@Ruffles none of my redis instances are internet-facing so that saves a lot of hassle.

99% bind to localhost and are either directly used by code sitting on the same box, or have a very thin API wrapper round them if an external service needs to talk to them.

There are a few instances which are exposed on private networks which I do have passwords on "just in case" though. Given the speed you can hammer redis with and that the wire protocol isn't encrypted - it's more of a token gesture though.

Any ideas if I use Redis on AWS or any other hosting (except shared hosting)?

@Ruffles I don't use AWS I'm afraid :-/ But I seem to remember from toying with it that you could set up your own private networks that weren't internet-accessable. I've totally lost track of all the AWS terminology these days, but maybe this :

https://aws.amazon.com/vpc/ ("Host multi-tier web applications")

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html