Improve default value for Allowed hosts of Trapper items

XMLWordPrintable

    • Type: Change Request
    • Resolution: Unresolved
    • Priority: Medium
    • 8.0.0beta1 (master)
    • Affects Version/s: 6.0.43, 7.0.22, 7.4.5, 7.4.6, 8.0.0alpha1
    • Component/s: Frontend (F)
    • S26-W06/07, S26-W12/13, S26-W14/15, S26-W16/17, S26-W18/19
    • 1

      The current Trapper item configuration contains an insecure default value for the Allowed hosts field. According to the documentation:

      List of comma-delimited IP addresses (optionally in CIDR notation) or DNS names.
      If specified, incoming connections will be accepted only from the hosts listed here.

      In the default configuration, without enforced encryption, anyone can push values. Proper and secure logic for the "Allow list" is "deny all unless explicitly set". Currently, it is the other way around.

            Assignee:
            Maksym Snihach
            Reporter:
            Vjaceslavs Bogdanovs
            Team B
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - 24h Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 120.25h
                120.25h