Return-Path: Delivered-To: apmail-activemq-camel-user-archive@locus.apache.org Received: (qmail 6519 invoked from network); 19 Nov 2008 09:00:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Nov 2008 09:00:02 -0000 Received: (qmail 4937 invoked by uid 500); 19 Nov 2008 09:00:10 -0000 Delivered-To: apmail-activemq-camel-user-archive@activemq.apache.org Received: (qmail 4843 invoked by uid 500); 19 Nov 2008 09:00:10 -0000 Mailing-List: contact camel-user-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: camel-user@activemq.apache.org Delivered-To: mailing list camel-user@activemq.apache.org Received: (qmail 4832 invoked by uid 99); 19 Nov 2008 09:00:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 01:00:10 -0800 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,NORMAL_HTTP_TO_IP,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 08:58:45 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1L2iuH-000334-51 for camel-user@activemq.apache.org; Wed, 19 Nov 2008 00:59:29 -0800 Message-ID: <20575883.post@talk.nabble.com> Date: Wed, 19 Nov 2008 00:59:29 -0800 (PST) From: Trevv <456@safe-mail.net> To: camel-user@activemq.apache.org Subject: Re: Hmm, that sounds like a security vulnerability. In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: 456@safe-mail.net References: <20475674.post@talk.nabble.com> <5380c69c0811122315r8004126q4d72e8290e18606e@mail.gmail.com> <20477096.post@talk.nabble.com> <491C1FB8.30100@skynet.be> <20494645.post@talk.nabble.com> <20536134.post@talk.nabble.com> <20556161.post@talk.nabble.com> <5380c69c0811180138vcdbd033t5eff5afe41cf2f40@mail.gmail.com> <3BEE72B5-71ED-46B6-ABCF-2A2197EE22DE@gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org I agree that Claus's idea would solve the problem. "Anylocalhost" isn't quite right, but I think "anylocal" or "anylocaladdress" or "allinterfaces" would be good. RomKal wrote: > But if you can address an endpoint (I believe you can) exposed with > jetty:http://0.0.0.0:80/ with IPv6 then flag is not needed so > definitely -1. > > If someone knows it already, lets respond. Otherwise I'll try to > verify it soon at home (as here I don't have IPv6 at all). I don't think this is something that you can verify by testing, because it might be implemented differently in different operating systems. I did a quick Web search, and the most relevant comment that I found was this one, by an OS engineer at Sun: Kacheong Poon wrote: > > To make it easy for porting application from using IPv4 to IPv6, > an interesting feature was introduced. An IPv6 socket is allowed > to receive both IPv4 and IPv6 traffic by default. For example, an > IPv6 TCP listening socket bind() to unspecified address and port > x can receive connection requests from both IPv4 and IPv6 remote > hosts to port x. While porting is made easier, this is actually > not "strictly correct." Logically, IPv4 and IPv6 port spaces for > transport protocols should be separate, hence this check in the > code. > > > http://mail.opensolaris.org/pipermail/networking-discuss/2005-November/011586.html > [networking-discuss] Solaris socket bind() behavior In other words... it's complicated. That's why I think that the smartest thing to do, if you just want a normal serversocket, is to leave the bind address as null, and let Sun's Java engineers decide what to do, instead of trying to find a non-null string that you think will have the same effect that null would have. On the other hand... having to specify both 0.0.0.0 and [::] is unfortunate, but not a disaster. So I don't really need a fix. -- View this message in context: http://www.nabble.com/Jetty-and-Mina%3A-how-to-bind-to-%22anylocal%22-AKA-%22wildcard%22-address--tp20475674s22882p20575883.html Sent from the Camel - Users mailing list archive at Nabble.com.