

Mod_redis - siculars
https://github.com/sneakybeaky/mod_redis

======
pjscott
Related: Webdis is a really slick HTTP interface for Redis.

<http://webd.is/>

~~~
joshbaptiste
Thank you for this comment sir, you just saved me some days of coding a
Python/Flask middleware application I was going to build to handle connections
between an in-house browser application and Redis, very cool indeed.

------
nagoo
Great stuff. Worth noting that nginx has something similar with HttpRedis if
nginx is more your kind of thing. <http://wiki.nginx.org/HttpRedis>

------
joshu
this seems really useful for mocking stuff up. imagine an app that's entirely
client-side.

i wonder if you can mix this with an auth module somehow.

it probably needs a way to do logging and/or multiple commands (you could send
a PUB message beforehand and log elsewhere)

~~~
buu700
Yeah, what would be really nice would be a light framework around this which
automatically handles authentication by hashing the username and password on
the client to a cookie and then just sends that cookie as an auth key with
each request to map to the relevant data.

There'd be no practical way of reproducing someone else's auth key without
knowing their username and password, so this setup would be basically secure
as long as the application is designed in such a way that either client-side
Redis requests are read-only or that it isn't dangerous for any user to have
write access to their own data.

~~~
joshu
yeah. i wonder how hard it is to combine modules like that.

you don't really even need an auth key, just a session key?

one other problem is csrf issues.

~~~
buu700
Well, my idea was to use the hash as a way to actually find the data, but I'm
sure there's a way to make it work with a session key too.

It looks like Webdis has support for basic access control, but I'm not 100%
clear on how well it would work for securely throwing database logic into the
client: <http://webd.is/#acl>

Also, while not related to Redis, this similar project looks pretty sexy:
<https://github.com/thurloat/httpdb>

---

Edit:

I haven't tested Webdis, but since HTTPDB has a publicly available version for
testing, I decided to play around with it, and here's one way my auth key idea
could be made to work pretty simply:

[http://httpdbapp.appspot.com/set/address:AUTH/1000%20Wrong%2...](http://httpdbapp.appspot.com/set/address:AUTH/1000%20Wrong%20Way%0ANew%20York,%20NY%2010001%0AUnited%20States)

<http://httpdbapp.appspot.com/get/address:AUTH>

The main danger here is that it doesn't look like there's any sort of
protection against malicious users filling the database with junk data to run
up your GAE quota, or potentially overwriting non-private values and messing
up random parts of the application.

Also, I just noticed that the last commit was two years ago, so I'll look
around to see if something similar but more secure is out there.
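
The auth-key idea from this subthread, sketched as an added example that is not part of the thread or of Webdis, HTTPDB or mod_redis: a key is derived from the username and password and used as the suffix of the record name, as in the `address:AUTH` URLs above. PBKDF2, the iteration count, the salt string and the field-name pattern are assumptions chosen for illustration, and Python stands in here for the client-side logic.

```python
import hashlib
import re
from urllib.parse import quote

# Assumptions, not from the thread: PBKDF2-HMAC-SHA256, this iteration
# count and an application-wide salt. All values here are constructed.
APP_SALT = b"example-app-v1"
ITERATIONS = 100_000
FIELD_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
KEY_RE = re.compile(r"[0-9a-f]{64}")


def derive_auth_key(username: str, password: str) -> str:
    """Derive the per-user key from credentials with a slow KDF.

    The normalised username is folded into the salt, so two users who
    pick the same password still get different keys.
    """
    user = username.strip().lower().encode("utf-8")
    salt = APP_SALT + b"\x00" + user
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return raw.hex()


def record_key(field: str, auth_key: str) -> str:
    """Build the '<field>:<auth key>' record name used in the URLs above."""
    # Reject anything that could step outside the user's own namespace
    # (extra ':' or '/' characters, path segments, empty names).
    if not FIELD_RE.fullmatch(field):
        raise ValueError("field name not allowed")
    if not KEY_RE.fullmatch(auth_key):
        raise ValueError("malformed auth key")
    return f"{field}:{auth_key}"


def set_path(field: str, auth_key: str, value: str) -> str:
    """Request path for a write; the value is fully percent-encoded."""
    return f"/set/{record_key(field, auth_key)}/{quote(value, safe='')}"


def get_path(field: str, auth_key: str) -> str:
    """Request path for a read of the same record."""
    return f"/get/{record_key(field, auth_key)}"
```

Because the key travels in the request path, it ends up in server logs and browser history, so it has to be handled like a password.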

