View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007235 | libeufin | libeufin-sandbox | public | 2022-04-28 23:24 | 2023-01-08 10:32 |
| Reporter | Christian Grothoff | Assigned To | MS | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
| Target Version | 0.9.0 | Fixed in Version | 0.9.0 | ||
| Summary | 0007235: libeufin sandbox binds by default to 0/all IPs | ||||
| Description | This seems to be a somewhat insecure default, and the Howto installation instructions don't even say how to avoid it. I think we should by default only bind to localhost (::1 and 127.0.0.1), and require an override --bind=all, or --bind=$IP to change the bind to something else. That seems safer. Ditto for libeufin nexus (which I didn't test yet). | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-04-28 23:24 | Christian Grothoff | New Issue | |
| 2022-04-28 23:24 | Christian Grothoff | Status | new => assigned |
| 2022-04-28 23:24 | Christian Grothoff | Assigned To | => MS |
| 2022-11-02 15:48 | MS | Note Added: 0019347 | |
| 2022-11-02 15:48 | MS | Status | assigned => resolved |
| 2022-11-02 15:48 | MS | Resolution | open => fixed |
| 2023-01-08 10:31 | Christian Grothoff | Fixed in Version | => 0.9.0 |
| 2023-01-08 10:31 | Christian Grothoff | Target Version | => 0.9.0 |
| 2023-01-08 10:32 | Christian Grothoff | Status | resolved => closed |
| 2023-04-13 20:26 | Florian Dold | Category | sandbox => libeufin sandbox |
| 2023-04-13 20:38 | Florian Dold | Category | libeufin sandbox => libeufin-sandbox |
