Change to make "cljr swank" default to safer localhost #18

Open
wants to merge 1 commit into
from

Projects

None yet

1 participant

@hdurer

Please consider the simple change in my repo.

I never noticed this but http://www.learningclojure.com/2010/09/clojure-swank-server-is-insecure-by.html mentioned that clojure-swank has a dangerous default.

@hdurer hdurer Make swank command default to binding to localhost and add 2dn option…
…al argument which is the hostname to bind to.

The swank command used to bind to '0.0.0.0' by default, i.e. was open
to the world which is a dangerous default.  The default has now been
changed to 'localhost' which is safer.  The command now takes a second
optional argument which is the hostname to bind to -- pass '0.0.0.0'
to get the old behaviour.
94beeab
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment