Is your feature request related to a problem?
Do not bind by default to 0.0.0.0. While it might make it easy to get started with SurrealDB, this listens on all interfaces and can be a huge security nightmare for folks who are not careful and accidentally expose the db.
Describe the solution
Bind to another host by default, such as 127.0.0.1
Alternative methods
Use --bind=127.0.0.1
SurrealDB version
1.1.1
Contact Details
No response
Is there an existing issue for this?
I have searched the existing issues
Code of Conduct
I agree to follow this project's Code of Conduct
I agree on principle that the default interface to bind with should be the loopback interface and that binding to all interfaces should be explicitly requested by the user. Unfortunately, making this change in 1.X would break backward compatibility and we will have to wait for 2.X to implement it by default.
Some other authentication improvements have been likewise gated behind a feature flag to prevent breaking backward compatibility and will be enabled by default in 2.X. I will leave this issue open to ensure that we don't lose track of it and we change the default behavior as soon as we are able to push a breaking change.
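An added example, not part of the issue thread or SurrealDB's own code: a check over Linux `/proc/net/tcp` for listening sockets that are not bound to loopback, which is the exposure the issue describes. The sample table is constructed, port 8000 is an assumed database port, the function names are hypothetical, and IPv4 on a little-endian host is assumed.

```python
import ipaddress

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
# Port 8000 (0x1F40) is an assumed database port; state 0A means LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4101 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4102 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F40 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 4103 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"


def decode_endpoint(field):
    """Turn '0100007F:1F40' into (IPv4Address('127.0.0.1'), 8000)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a 32-bit word in host byte order,
    # so on a little-endian host the bytes appear reversed.
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)


def listeners(proc_net_tcp):
    """Yield (address, port) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue
        yield decode_endpoint(cols[1])


def exposed_listeners(proc_net_tcp, ports=None):
    """Return listeners not bound to loopback, optionally limited to given ports."""
    findings = []
    for addr, port in listeners(proc_net_tcp):
        if ports is not None and port not in ports:
            continue
        # 0.0.0.0 (all interfaces) and any specific non-loopback address count.
        if not addr.is_loopback:
            findings.append((str(addr), port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listener on {addr}:{port} is reachable from non-loopback interfaces")
```

On a real host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.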