Bind to loopback address by default #4054

Merged
merged 1 commit into from
May 21, 2024

gguillemas
Contributor

@gguillemas gguillemas commented May 17, 2024

Thank you for submitting this pull request! We really appreciate you spending the time to work on these changes.

What is the motivation?

To prevent SurrealDB users from accidentally exposing the service to an untrusted network. This is especially relevant for users running SurrealDB in cloud instances with publicly addressable network interfaces.

What does this change do?

Changes the default value for the --bind flag of the start subcommand from 0.0.0.0:8000 to 127.0.0.1:8000.

What is your testing strategy?

Ensure that existing tests work.

Is this related to any issues?

Does this change need documentation?

Yes, this needs an update on the CLI documentation page.

Have you read the Contributing Guidelines?

@gguillemas gguillemas added the topic:security This is related to security label May 17, 2024
@gguillemas gguillemas marked this pull request as ready for review May 21, 2024 08:15
@gguillemas gguillemas requested a review from a team as a code owner May 21, 2024 08:15
Contributor

@emmanuel-keller emmanuel-keller left a comment

LGTM

@gguillemas gguillemas added this pull request to the merge queue May 21, 2024
Merged via the queue into main with commit 5e33d4c May 21, 2024
24 checks passed
@gguillemas gguillemas deleted the gerard/default-bind-loopback branch May 21, 2024 08:44
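
A deployment check for the exposure this pull request addresses, as an added example that is not part of the pull request or of SurrealDB's code: it classifies a `--bind` value as loopback, all-interfaces, or a single interface, including the IPv6 and IPv4-mapped forms. The names `Exposure` and `classify_bind` are hypothetical, and the sample addresses are constructed.

```rust
use std::net::{AddrParseError, IpAddr, SocketAddr};

/// Reachability implied by a bind address alone (firewalls are out of scope).
#[derive(Debug, PartialEq, Eq)]
pub enum Exposure {
    /// 127.0.0.0/8 or ::1: reachable only from the same host.
    Loopback,
    /// 0.0.0.0 or ::, i.e. every interface, publicly addressable ones included.
    AllInterfaces,
    /// One specific non-loopback interface address.
    SingleInterface,
}

/// Classify an `ip:port` bind value. Hypothetical helper, not SurrealDB's API.
/// Hostnames such as `localhost:8000` are rejected rather than resolved, so the
/// verdict never depends on DNS or /etc/hosts.
pub fn classify_bind(bind: &str) -> Result<Exposure, AddrParseError> {
    let addr: SocketAddr = bind.parse()?;
    // Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries;
    // Ipv6Addr::is_loopback / is_unspecified only match ::1 and :: themselves.
    let ip = match addr.ip() {
        IpAddr::V6(v6) => v6.to_ipv4_mapped().map_or(IpAddr::V6(v6), IpAddr::V4),
        v4 => v4,
    };
    Ok(if ip.is_loopback() {
        Exposure::Loopback
    } else if ip.is_unspecified() {
        Exposure::AllInterfaces
    } else {
        Exposure::SingleInterface
    })
}

fn main() {
    // Constructed sample values: the old and new defaults from this pull
    // request, plus IPv6 and IPv4-mapped forms of the same two addresses.
    for bind in ["0.0.0.0:8000", "127.0.0.1:8000", "[::]:8000", "[::1]:8000",
                 "[::ffff:0.0.0.0]:8000", "192.0.2.10:8000", "localhost:8000"] {
        match classify_bind(bind) {
            Ok(e) => println!("{bind:<24} {e:?}"),
            Err(e) => println!("{bind:<24} rejected: {e}"),
        }
    }
}
```

A startup script or CI check can fail closed on `AllInterfaces` unless the operator has set the wider bind deliberately.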
Successfully merging this pull request may close these issues.

Feature: Do not bind by default to 0.0.0.0