Im a redis newbie but want to make sure everything is setup securely as we deal with medical info.
I have a few EC2 instances. One of which is a server that runs two redis instances, one for a dev server and one for production. It also runs a turnserver (which is accessible to the net).
The redis ports 6379 and 6380 are open only to the private network. But turnserver ports are open to the net.
My question is, If im using stunnel and certificates do I even need to use a redis AUTH passwords or is stunnel and certificates enough? My thought was that if redis was only accessible to the private net ssl is unnecessary, although it seems like a good idea to have a failsafe in the event the ports were inadvertently opened to the net. Still, are Auth passwords necessary?
