Gorilla probably shouldn't allow non-local connections by default

[silasdavis]

I seem to be on a roll with all these issues...

This is actually proving to be handy for me right now, but is a bit of a security issue in general. If I start a gorilla repl on a machine connected to a network then anyone who can route to my ip address can access my session from elsewhere on the network. Obviously this allows them to run arbitrary code as my user on the host machine. It would be great to have a :host option ala lein repl:

http://stackoverflow.com/questions/22422820/connecting-to-a-headless-nrepl-running-in-a-docker-container-from-another-contai

But the default should be to not accept remote connections, if people are aware of the risks then they can manage their own firewall....

[JonyEpsilon]

Hi Silas, the issues are great - keep 'em coming!

I'd been viewing this as a firewall thing rather than a gorilla thing. But I think the argument that it would be better to default to local only, to protect those who aren't being careful enough with their network config, is persuasive.

[JonyEpsilon]

p.s. I don't think we need to implement full-blown IP filtering. It will probably be sufficient to have a binary option to either allow no remote connections (default) or any. Access control by IP could then be done at the firewall level. That keeps it simple.

[JonyEpsilon]

Closed in PR https://github.com/JonyEpsilon/gorilla-repl/pull/140