Yes indeed it breaks non single machine setups, but since they are fewer (and probably better maintained) I've considered that opting for the safest choice by default would serve the most.
Added a second patch with your observations, that keeps the 0.0.0.0 default and only advises bind to localhost. Who is attentive enough will make the switch, as at least there would be a way to use non public addresses. Michael Koziarski wrote: > I'm a bit hesitant to apply at patch that will break my own deployments. > > Perhaps it should default to 0.0.0.0 and have the usage mention 'you > probably want to use 127.0.0.1? > > On 5/26/06, Dee Zsombor <[EMAIL PROTECTED]> wrote: >> Just a ping on this ticket >> >> http://dev.rubyonrails.org/ticket/5133 >> >> Adds "-a" option to spawner if the installed spawn-fcgi binary allows >> binding to a custom address. In case it does by default spawner will >> create fcgi listeners that bind to 127.0.0.1 only instead of the less >> secure 0.0.0.0. >> >> For single machine setups this adds security if possible, for multi host >> setups startup scripts will need to be changed explicitly (know it hurts >> and). >> >> best, >> Dee Zsombor -- Company - http://primalgrasp.com Thoughts - http://deezsombor.blogspot.com _______________________________________________ Rails-core mailing list Rails-core@lists.rubyonrails.org http://lists.rubyonrails.org/mailman/listinfo/rails-core
