casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0
9.2k stars, 1.09k forks

Add Host Configuration Option for Enhanced Security with Nginx Reverse Proxy #2962

Closed moemoequte closed 1 month ago

moemoequte commented 1 month ago

I am currently using Casdoor and noticed that it only allows configuration of the listening port, defaulting to listen on 0.0.0.0. This setup makes it challenging to securely configure Casdoor behind an Nginx reverse proxy without exposing additional ports to the outside network.


Issue Description:

Proposed Solution: I propose adding a configuration option that allows users to specify the listening host address. For instance, being able to set the host to 127.0.0.1 would enable the application to only listen on the local machine, thus enhancing security when using reverse proxies like Nginx.

Benefits:

I believe this feature would be beneficial for many users who are looking to secure their Casdoor deployments more effectively. Looking forward to your thoughts on this.

Thank you for considering this enhancement.

casbin-bot commented 1 month ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 1 month ago

@moemoequte modify this line: https://github.com/casdoor/casdoor/blob/bfcfb56336799ff24068f06e7d1aaa214d75d4ff/main.go#L88

to: beego.Run(fmt.Sprintf("127.0.0.1:%v", port))

No need to add config, there are already too many configs.

It's listening on 8000 by default. But if you don't open that port in your OS, it will not be insecure. So the root cause is still on YOU!
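To show what the proposed option would look like if hsluoyz's one-line change were made configurable, here is an added Go example; it is not Casdoor's own code, and the `CASDOOR_HTTP_HOST` variable and the helper names are hypothetical:

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
)

// listenAddr builds the address handed to the HTTP server. An empty host
// keeps the current behaviour (all interfaces, i.e. 0.0.0.0); a host such
// as "127.0.0.1" restricts the listener to that interface so only a local
// reverse proxy like Nginx can reach it.
func listenAddr(host string, port int) string {
	if host == "" {
		return ":" + strconv.Itoa(port) // same as 0.0.0.0:<port>
	}
	return net.JoinHostPort(host, strconv.Itoa(port)) // brackets IPv6 correctly
}

// isLoopbackOnly reports whether addr binds only the loopback interface,
// meaning it is unreachable from other hosts unless something proxies it.
func isLoopbackOnly(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil || host == "" {
		return false // ":8000" and malformed input both mean "not restricted"
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// bindCheck opens the listener once so a bad host value fails loudly at
// startup instead of silently falling back; it returns the bound address.
func bindCheck(addr string) (string, error) {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	return ln.Addr().String(), nil
}

func main() {
	host := os.Getenv("CASDOOR_HTTP_HOST") // hypothetical override; unset keeps today's default
	addr := listenAddr(host, 8000)
	fmt.Printf("listen address %q, loopback-only: %v\n", addr, isLoopbackOnly(addr))
}
```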

alfredosola commented 1 week ago

I have to disagree. Security is layered. Unless someone explicitly installs a firewall, casdoor will happily listen on http-alt and respond there. It should be safe by default, not requiring additional steps for hardening. Take a look e.g. at Debian's packaging of Mysql/MariaDB: it only listens on localhost by default.