Possible binding to all interfaces.
```
49 PICKLE_RECEIVER_INTERFACE='0.0.0.0',
50 PICKLE_RECEIVER_PORT=2004,
51 MAX_RECEIVER_CONNECTIONS=float('inf'),
52 CACHE_QUERY_INTERFACE='0.0.0.0',
53 CACHE_QUERY_PORT=7002,
54 LOG_UPDATES=True,
55 LOG_CREATES=True,
```
Possible binding to all interfaces.
```
46 ENABLE_UDP_LISTENER=False,
47 UDP_RECEIVER_INTERFACE='0.0.0.0',
48 UDP_RECEIVER_PORT=2003,
49 PICKLE_RECEIVER_INTERFACE='0.0.0.0',
50 PICKLE_RECEIVER_PORT=2004,
51 MAX_RECEIVER_CONNECTIONS=float('inf'),
52 CACHE_QUERY_INTERFACE='0.0.0.0',
```
Possible binding to all interfaces.
```
44 LINE_RECEIVER_INTERFACE='0.0.0.0',
45 LINE_RECEIVER_PORT=2003,
46 ENABLE_UDP_LISTENER=False,
47 UDP_RECEIVER_INTERFACE='0.0.0.0',
48 UDP_RECEIVER_PORT=2003,
49 PICKLE_RECEIVER_INTERFACE='0.0.0.0',
50 PICKLE_RECEIVER_PORT=2004,
```
Possible binding to all interfaces.
```
41 MAX_CREATES_PER_MINUTE=float('inf'),
42 MIN_TIMESTAMP_RESOLUTION=0,
43 MIN_TIMESTAMP_LAG=0,
44 LINE_RECEIVER_INTERFACE='0.0.0.0',
45 LINE_RECEIVER_PORT=2003,
46 ENABLE_UDP_LISTENER=False,
47 UDP_RECEIVER_INTERFACE='0.0.0.0',
```
Description
Binding to all network interfaces can expose a service to traffic on unintended interfaces that may not be properly documented or secured. This can be prevented by changing the code so that it explicitly only accepts connections from localhost.
When binding to 0.0.0.0, you accept incoming connections from anywhere. During development, an application may still have security vulnerabilities that make it susceptible to SQL injection and other attacks, so accepting connections from anywhere while the application is not ready for production can be dangerous.
It is recommended to bind to 127.0.0.1 (localhost) during the development phase. This prevents others from reaching your application and executing SQL injections against your project.
Bad practice
```python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 31137))  # Binding to all interfaces
```
Recommended
```python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('127.0.0.1', 31137))  # Binding to localhost only
```
References:
- OWASP Top 10 2021 Category A05 - Security Misconfiguration