diff options
Diffstat (limited to 'sentinel.conf')
| -rw-r--r-- | sentinel.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sentinel.conf b/sentinel.conf index 0e1b266ed..38b097254 100644 --- a/sentinel.conf +++ b/sentinel.conf @@ -194,3 +194,12 @@ sentinel failover-timeout mymaster 180000 # # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh +# SECURITY +# +# By default SENTINEL SET will not be able to change the notification-script +# and client-reconfig-script at runtime. This avoids a trivial security issue +# where clients can set the script to anything and trigger a failover in order +# to get the program executed. + +sentinel deny-scripts-reconfig yes + |