search

rshf / chromedriver

Automatically exported from code.google.com/p/chromedriver
2 stars 1 forks source link

Securing chromedriver port #724

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
BY default chromedriver binds port to all IPs (0.0.0.0) , there is no way to 
override it. In secure env this often becomes a security issue, where in from 
remote machine somebody can control chromedriver. Can we have command line 
argument (or System property) by which host ip is overridden?

However chrome's adb port is binded to 127.0.0.1 hence accessible from only 
local machine. Little secure

Original issue reported on code.google.com by rohit.wa...@gmail.com on 4 Mar 2014 at 6:10

GoogleCodeExporter commented 9 years ago 
It will be good if we can support https port to. Required I can submit a patch 
for this

Original comment by rohit.wa...@gmail.com on 11 Mar 2014 at 1:36

GoogleCodeExporter commented 9 years ago

Original comment by samu...@chromium.org on 21 Feb 2015 at 12:18

GoogleCodeExporter commented 9 years ago 
Sorry for the late response.

As of 2.10, it only binds to the local host by default. You can pass the 
--whitelisted-ips=w.x.y.z switch to ChromeDriver to add other hosts.

HTTPS support in ChromeDriver would be useful, but the WebDriver language 
bindings don't support it. How were you planning to access it?

Original comment by samu...@chromium.org on 30 Mar 2015 at 11:13

GoogleCodeExporter commented 9 years ago

Original comment by gmanikp...@chromium.org on 14 Apr 2015 at 11:10