[dancer-users] Public web server by default is insecure
Gabor Szabo
gabor at szabgab.com
Tue Mar 17 05:58:29 GMT 2015
Interesting responses. I'll tell you the two issues that brought me to
writing this e-mail.
1) A long time ago when I was teaching at a company and told people to
install some CPAN module, during installation it wanted to open a port on
their computer to run the test. Some of the students were were surprised /
shocked on the security implications.
As I understand they had their firewall on their computer and the module
would not test itself without this.
We used the LAN in their lab which is considered less secure than their
internal LAN. Besides this could happen while I am on the road on a public
network.
I am not sure what module was that, or if Dancer2 shows this behavior
during installation but this issue stuck in my head.
2) I was looking at Flask and it by default it listens to localhost only
but right in the quickstart guide they show how to open
it to listen to every interface http://flask.pocoo.org/docs/0.10/quickstart/
Now that I read the response of Warren, I was reminded that actually the
fact that Dancer was listening to the outside world on my production server
bothered me, but then again, when I try to set it up on a remote server
first I always want to make sure that the Dancer application (maybe with
Starman) answers me and it is much more convenient if it listens to the
outside world. So I am not sure which one would I prefer.
Actually I think I know what I'd like, regardless the defaults: I'd like
the default configuration files to contain commented out entries for every
(or every important) parameter with short explanation and/or with link to
the longer explanation.
Gabor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.preshweb.co.uk/pipermail/dancer-users/attachments/20150317/cc17beee/attachment.html>
More information about the dancer-users
mailing list