Community
Participate
Working Groups
Currently when a port is specified through the -console option, there is no way to specify the host address, on which the port will be open. When the server socket to listen on this port is created, by default it opens the port on address 0.0.0.0. This results in the socket accepting connections on all of the local addresses (in the case of multiple local addresses). In this way it is not possible to restrict remote connections to a single address. This may lead to security issues when restrictions on the connections are necessary. Probably a new option / property should be introduced for specifying the host?
I would suggest the use of a colon for the -console option to separate the host from the port: -console [<host address>:]<port> Lazar, you have this opened against the framework. I assume you intend to have this fixed in the built-in framework console. Is it acceptable for you to fix this in the console running on top?
(In reply to comment #1) > I would suggest the use of a colon for the -console option to separate the host > from the port: > > -console [<host address>:]<port> > > Lazar, you have this opened against the framework. I assume you intend to have > this fixed in the built-in framework console. Is it acceptable for you to fix > this in the console running on top? Yes, I intended it to be fixed in the buildt-in console, since it will be used for production purposes throughout 3.7. In the other console I will add this feature - actually, in one of its versions prior to submitting it in the incubator, I implemented it as you suggest. I will shortly add it to the current version in the incubator as well, but this does not solve the issue in 3.7. The fix is rather small, will it be a problem to contribute it to the builtin console (in the ConsoleManager class) too?
(In reply to comment #2) > The fix is rather small, will it be a problem to contribute it to the > builtin console (in the ConsoleManager class) too? No problem, please provide a patch. Thank you!
Created attachment 186619 [details] Patch to restrict the local host address on which equinox listens for telnet connections This patch provides functionality for restricting the local address on which equinox listens for telnet connections. Currently it listens on all network interfaces.
I released the patch with a small change to print the host name to the console along with the port number.
Comment on attachment 186619 [details] Patch to restrict the local host address on which equinox listens for telnet connections Thanks for the patch!
Thanks!
*** Bug 337248 has been marked as a duplicate of this bug. ***