Hi all, quick question: When setting up a deployment environment you usually have to set the property er.extensions.WOHostUtilities.localhostips (usually in /etc/WebObjects/Properties) to ensure your applications accept incoming admin requests from wotaskd. This feels a little redundant, so I've made a slight modification in my fork of Wonder, looking up and registering the server's registered IP addresses by default — which can then be optionally overridden using that property (which I really think you'd rarely do, since I think usually all local IPs should be able to submit management requests. If someone can send malicious requests from your server's IP to your app's port, you probably have a bigger problem).
I'm still no security expert, so I'm just checking if anyone sees this as a bad idea/security issue, or if this can be safely kept and merged into Wonder. https://github.com/undur/wonder-slim/commit/1f6f71ae225485c49716278719e9066346a4b705 The change might not be huge, but it eliminates one of the steps when setting up a WO deployment environment, of which there already are quite a few (and that's eliminating a step that will bite you in the ass in a mysterious ways if you forget it or misconfigure it, given JavaMonitor's and wotaskd's aversion to error reporting). Cheers, - hugi _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
