On Wednesday, December 17, 2014 8:59:24 AM UTC-8, Jens Alfke wrote: > > > On Dec 17, 2014, at 4:31 AM, Andrew <[email protected]> wrote: > > So can anyone connect to this port on Android if they know your IP ?? That > creates a bit of a security issue if you ask me... > > > Traun or JChris can give a definitive answer since one of them wrote the > code. My understanding is that the listener socket is bound only to the > loopback interface (127.0.0.1) so it's not reachable from another host. It > might still be reachable from another process running on the same device, > though, if it decided to run a port-scan on localhost (but again, don't > take my word for that.) >
Additionally on Android there is a random basic-auth token that must be passed with REST requests, to keep other apps from snooping on localhost. See allowedCredentials here. <https://github.com/couchbaselabs/Couchbase-Lite-PhoneGap-Plugin/blob/master/src/android/CBLite.java#L82> Chris > > —Jens > -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/8f57fa62-2d94-4b2a-8766-79020bca3644%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
