Closed escalope closed 6 years ago
bwbroersma
commented
6 years ago @escalope probably add a setting is a cleaner way to do this? I had it listening to 0.0.0.0 by default and wanted to restrict it to 127.0.0.1 (localhost), that's why I added the config.
escalope
commented
6 years ago Sure, the config solution is better.
Nevertheless, I have concerns about the default value. If it is 127.0.0.1, remote debugging will not work out of the box, even if the firewall is well configured. On the other hand, if it was 0.0.0.0, and the user is not aware that there is a listening port to the world, not just the local machine, it may raise security concerns.
Considering both, I would suggest to keep 127.0.0.1 as default value (not just host='', but explicitly host='127.0.0.1'), and also adding comments suggesting to switch it to 0.0.0.0 if the server hosting the php application is not localhost or it is within a virtual machine / docker container. Also to remind reviewing the firewall rules in the later case to allow the communication.
bwbroersma
commented
6 years ago I totally agree with changing it to a local default like 127.0.0.1 or localhost. My initial PR just leaves everything the same, but makes it configurable.
… multiple network cards and the php is running into another machine, this may derive into connection problems. To solve them, the bind must be made with 0.0.0.0 instead. This will bind the port into all available IPs of the host