The loopback address is a good idea for allowing communication locally,
with software that can't use Unix sockets, like Java.

------------------------------
✉ Eduard Martinescu <emartine...@salsalabs.com> | ✆ (585) 708-9685 |
<http://www.salsalabs.com/> - ignite action. fuel change.

On Mon, Sep 21, 2015 at 6:34 PM, Thrawn <shell_layer-git...@yahoo.com.au>
wrote:

> > Does this mean that the TCP port is dangerous, or that the multiple
> > instances of the socket are dangerous??
> > What is the danger with it?
>
> I believe the danger is that it may be externally visible, allowing outsiders 
> to start and stop your servers, add new backends and redirect traffic to 
> them, etc...
>
> It should be safe enough if the socket only listens on the loopback address, 
> but in that case, you may as well use Unix sockets. Otherwise, make sure that 
> you have strong authentication on the socket, a good firewall, and a trusted 
> network - and ask yourself whether you really need it.
>
> In some cases, it may be feasible to listen on the loopback address and 
> access it via an SSH tunnel.
>
>
