fregante / GhostText

👻 Use your text editor to write in your browser. Everything you type in the editor will be instantly updated in the browser (and vice versa).
https://GhostText.fregante.com
MIT License

is it secure to listen on *:4001 ? #306

Open Un1Gfn opened 6 months ago

Un1Gfn commented 6 months ago

vscode 1.85.1 on macOS Sonoma 14.2.1

sudo lsof -i -P | grep -i listen

I get *:4001 instead of localhost:4001.

I think the default shall be listening on localhost only.

Probably offering an option in extension settings that allows changing the IP address on which it listens.

fregante commented 6 months ago

Good question. I don’t think that was intentional since I didn't specify which host to respond to:

https://github.com/fregante/GhostText-for-VSCode/blob/6f8f5f2fa96cb7f7287c4eda6fc56ba7d9960115/source/server.ts#L50

The Sublime Text version also doesn't specify the host, but its default behavior might be different:

https://github.com/GhostText/GhostText-for-SublimeText/blob/8ace809a1788ce99268cd585ac5c6635e84320f1/GhostText.py#L74
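
An added example, not GhostText's own code, using Node's standard `net` module: it shows where a server ends up listening when `listen()` gets only a port versus when it also gets `127.0.0.1`, which is the difference between `*:4001` and `localhost:4001` in the `lsof` output quoted in this issue. The names `exposure` and `bindAndReport` are illustrative, and port 0 (OS-assigned) is an assumption used instead of 4001 so the example does not collide with a running editor.

```javascript
const net = require('node:net');

// Classify the address reported by server.address().address.
function exposure(address) {
  // '::' and '0.0.0.0' are the unspecified (wildcard) addresses; lsof shows them as '*'.
  if (address === '::' || address === '0.0.0.0') return 'all-interfaces';
  if (address === '::1') return 'loopback';
  if (net.isIP(address) === 4 && address.startsWith('127.')) return 'loopback';
  return 'specific-interface';
}

// Bind a throwaway TCP server, report where it is listening, then close it.
// host === undefined mimics calling listen() with a port only.
function bindAndReport(host) {
  return new Promise((resolve, reject) => {
    const server = net.createServer();
    server.once('error', reject);
    const onListening = () => {
      const { address, port } = server.address();
      server.close(() => resolve({ address, port, exposure: exposure(address) }));
    };
    if (host === undefined) server.listen(0, onListening);
    else server.listen(0, host, onListening);
  });
}

// Demo: compare the default bind with an explicit loopback bind.
async function main() {
  for (const host of [undefined, '127.0.0.1']) {
    const label = host ?? '(no host given)';
    try {
      console.log(label, await bindAndReport(host));
    } catch (err) {
      console.log(label, 'bind failed:', err.code);
    }
  }
}

main();
```

Node documents that omitting the host binds to `::` when IPv6 is available, or `0.0.0.0` otherwise; either way the port is reachable from other machines unless a firewall blocks it.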