View Issue Details

IDProjectCategoryView StatusLast Update
0007235libeufinsandboxpublic2022-04-28 23:24
ReporterChristian Grothoff Assigned ToMS  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Summary0007235: libeufin sandbox binds by default to 0/all IPs
DescriptionThis seems to be a somewhat insecure default, and the Howto installation instructions don't even say how to avoid it.
I think we should by default only bind to localhost (::1 and 127.0.0.1), and require an override --bind=all, or --bind=$IP to change the bind to something else. That seems safer. Ditto for libeufin nexus (which I didn't test yet).
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2022-04-28 23:24 Christian Grothoff New Issue
2022-04-28 23:24 Christian Grothoff Status new => assigned
2022-04-28 23:24 Christian Grothoff Assigned To => MS