Sorry for my English and my messages. They can be quite chaotic.
I reinstalled the Redis once more and I was able to add my password to
redis.conf file uncommenting the following entry and replacing foobared with my pass (Source).
# requirepass foobared
All was good until I run these commands using magento server user:
bin/magento setup:config:set --page-cache=redis --page-cache-redis-server=127.0.0.1 --page-cache-redis-db=1
bin/magento setup:config:set --cache-backend=redis --cache-backend-redis-server=127.0.0.1 --cache-backend-redis-db=0
bin/magento setup:config:set --session-save=redis --session-save-redis-host=127.0.0.1 --session-save-redis-log-level=3 --session-save-redis-db=2
I was asked I think to enter my pass but It didn’t work when I used auth my_redis_password.
I’m happy to send some screenshot to support it. The message.
For now, I disabled the password commenting it back with # but I’m planning to revisit it.
In the meantime can you pls inform me whether using not passworded Redis my site is exposed to an attack or the password secure the server only from someone who already hacked and has access to the server and can change its setting.
i.e. I or someone can access the server using magento server user and then try to change Redis setting?
You see the site works fast but I don’t want to make it unsecure.