Is it possible to add a policy for authentication? For example, using a regular expression to qualify the rules for configuring passwords.

Comment From: madolson

@doufum Hey, we are currently thinking about building a security extension for Redis that adds more "enterprise" security controls. This sounds like a good candidate for that.

For my understanding, you are expecting to be able to create some type of "policy" that creates a regular expression. If a user supplies a password that does not meet that regular expression, you want to throw an error?

Comment From: doufum

Yes, I want to be able to configure the strength of the password, and it can be controlled by a regular expression or in other ways. If the password is not satisfied, an error will be thrown on startup.

Comment From: oranagra

I think this might be looking at redis passwords the wrong way (not the first time btw, since they're misnamed). the auth password in redis is more of a shared secret between two pieces of software (ideally generated with ACL GENPASS or alike). i'm not sure they're supposed to be something short that a person should remember, except for maybe testing infrastructure.

and anyway, even if they do, i think such validation (on password length etc) should reside in the software that configures redis (people aren't really adding users to the redis config file manually, right?)
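
A sketch of the provisioning-side check suggested in the last comment, added here as an example and not code from the thread or from Redis. The policy regex, the function names and the default `~* +@all` rules are assumptions; the generated secret has the same shape as default `ACL GENPASS` output, and the emitted line uses the ACL `#<sha256>` form so the cleartext never lands in the ACL file.

```python
import hashlib
import re
import secrets

# Hypothetical policy for this example: at least 32 non-whitespace characters.
POLICY = re.compile(r"\S{32,}")
USERNAME = re.compile(r"[A-Za-z0-9_-]+")


def genpass(bits: int = 256) -> str:
    """Random hex secret, same shape as default ACL GENPASS output (64 hex chars)."""
    return secrets.token_hex(bits // 8)


def check_policy(password: str, policy: re.Pattern = POLICY) -> None:
    """Reject a password before it ever reaches the Redis configuration."""
    if not policy.fullmatch(password):
        raise ValueError("password rejected by provisioning policy")


def acl_user_line(name: str, password: str, rules: str = "~* +@all") -> str:
    """Validate the inputs, then build an ACL file line holding only the hash."""
    if not USERNAME.fullmatch(name):
        raise ValueError("invalid user name")
    check_policy(password)
    digest = hashlib.sha256(password.encode()).hexdigest()
    return f"user {name} on #{digest} {rules}"


if __name__ == "__main__":
    # Constructed inputs: one generated secret, one short human-chosen password.
    print(acl_user_line("app", genpass()))
    try:
        acl_user_line("app", "hunter2")
    except ValueError as err:
        print("refused:", err)
```
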