camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trevv <...@safe-mail.net>
Subject Re: Hmm, that sounds like a security vulnerability.
Date Mon, 17 Nov 2008 09:24:50 GMT

Specifying "0.0.0.0" isn't as good as specifying null, because when you
specify null you allow Sun's engineers (current or future) to make the
decision.  They can choose to interpret null as meaning both INADDR_ANY
and IN6ADDR_ANY, and they can add IN8ADDR_ANY and IN9ADDR_ANY later.

I think requiring a person to specify "0.0.0.0" and "0:0:0:0:0:0:0:0"
explicitly would cause some unnecessary brittleness.

How about this convention?  "jetty:http://any:1234/myPath" in which
"any" or "ANY" means to specify null as the bindAddr, or to use one of
the ServerSocket constructors that don't require bindAddr.
-- 
View this message in context: http://www.nabble.com/Jetty-and-Mina%3A-how-to-bind-to-%22anylocal%22-AKA-%22wildcard%22-address--tp20475674s22882p20536134.html
Sent from the Camel - Users mailing list archive at Nabble.com.


Mime
View raw message