Improve default value for Allowed hosts of Trapper items

XMLWordPrintable

    • Type: Change Request
    • Resolution: Unresolved
    • Priority: Medium
    • 8.0.0alpha2 (master)
    • Affects Version/s: 6.0.43, 7.0.22, 7.4.5, 7.4.6, 8.0.0alpha1
    • Component/s: Frontend (F)
    • Sprint candidates

      The current Trapper item configuration contains an insecure default value for the Allowed hosts field. According to the documentation:

      List of comma-delimited IP addresses (optionally in CIDR notation) or DNS names.
      If specified, incoming connections will be accepted only from the hosts listed here.

      In the default configuration, without enforced encryption, anyone can push values. Proper and secure logic for the "Allow list" is "deny all unless explicitly set". Currently, it is the other way around.

            Assignee:
            Valdis Murzins
            Reporter:
            Vjaceslavs Bogdanovs
            Team B
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: