[antirez]

I'm not sure how they implemented this, but there is a way to implement this in a sane way, which is as a separated process that is able to access Redis, but totally mediates the communication with it in a secure way.

So you install this daemon alongside your Redis servers deployment, and it calls home (to avoid opening ports at all) with SSL in order to establish a secure communication channel with the web app.

Every request received by the web app is then verified and sent to the Redis server only after validation.

[why-el]

This is what scout_realtime[1] does, more or less.

[1] https://github.com/scoutapp/scout_realtime

[itamarhaber]

Redsmin also offers the proxified approach - https://github.com/Redsmin/redsmin

[antirez]

It is interesting that this is open source and BSD licensed, so in theory RedisGreen could use the same stuff as well and join the effort. This is the common part of the infrastructure that makes somewhat sense to develop together.