herocode/herodb
12
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

prevent unauthorized access to administrative db0 when connection to redis-cli

Browse Source
This commit is contained in:
Maxime Van Hees
2025-10-07 10:52:30 +02:00
parent 2139deb85d
commit a8720c06db
5 changed files with 525 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/cmds.md
View File

@@ -126,7 +126,9 @@ redis-cli -p 6381 --pipe < dump.rdb
## Authentication and Database Selection
HeroDB uses an `Admin DB 0` to govern database existence, access and per-db encryption. Access control is enforced via `Admin DB 0` metadata. See the full model in `docs/admin.md`.
Connections start with no database selected. Any storage-backed command (GET, SET, H*, L*, SCAN, etc.) will return an error until you issue a SELECT to choose a database.
HeroDB uses an `Admin DB 0` to govern database existence, access and per-db encryption. Access control is enforced via `Admin DB 0` metadata. See the full model in (docs/admin.md:1).
Examples:
```bash
@@ -145,4 +147,10 @@ redis-cli -p $PORT SELECT 2 KEY my-db2-access-key
# Admin DB 0 (requires admin secret)
redis-cli -p $PORT SELECT 0 KEY my-admin-secret
# → OK
```
```bash
# Before selecting a DB, storage commands will fail
redis-cli -p $PORT GET key
# → -ERR No database selected. Use SELECT <id> [KEY <key>] first
```