exozyme/exozyme
7
12
Fork 0
Code Issues 4 Pull requests Projects Releases 39 Wiki Activity

Many services use regular HTTP behind nginx and exozyme users may be able to view that traffic #82

New issue
Closed
opened 2021-12-23 17:32:37 +00:00 by a · 3 comments
a commented 2021-12-23 17:32:37 +00:00
Owner
Copy link

I think this is a pretty big security issue, but I'm not exactly sure if exozyme users are able to view the HTTP traffic. More investigation is definitely needed.

I think this is a pretty big security issue, but I'm not exactly sure if exozyme users are able to view the HTTP traffic. More investigation is definitely needed.
a added the
question
bug
security
help wanted
 labels 2021-12-23 17:32:37 +00:00
a added this to the (deleted) project 2021-12-23 17:32:37 +00:00
a added a new dependency 2022-01-04 22:53:50 +00:00
#87 Replace TCP sockets for our services with Unix sockets
a commented 2022-01-05 00:02:52 +00:00
Author
Owner
Copy link

We're currently using Unix sockets for many services but our permissions are pretty weak.

We're currently using Unix sockets for many services but our permissions are pretty weak.
a commented 2022-01-05 17:55:54 +00:00
Author
Owner
Copy link

I improved our Unix socket permissions which is being tracked in issue #87.

I improved our Unix socket permissions which is being tracked in issue #87.
a commented 2022-01-05 19:40:44 +00:00
Author
Owner
Copy link

It should be safe: https://stackoverflow.com/questions/522012/can-traffic-on-loopback-be-packet-sniffed#522046 https://security.stackexchange.com/questions/57230/encrypt-and-authenticate-localhost-traffic

It should be safe: https://stackoverflow.com/questions/522012/can-traffic-on-loopback-be-packet-sniffed#522046 https://security.stackexchange.com/questions/57230/encrypt-and-authenticate-localhost-traffic
a removed a dependency 2022-01-05 22:15:47 +00:00
#87 Replace TCP sockets for our services with Unix sockets
a closed this issue 2022-01-05 22:15:55 +00:00
a added the
wontfix
 label 2022-01-11 14:18:03 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v9.0
v8.8
v8.7
v8.6
v8.5
v8.4
v8.3
v8.2
v8.1
v8.0
v7.10
v7.9
v7.8
v7.7
v7.6
v7.5
v7.4
v7.3
v7.2
v7.1
v7.0
v6.1
v6.0
v5.1
v5.0
v4.2
v4.1
v4.0
v3.0
v2.5
v2.4
v2.3
v2.2
v2.1
v2.0
v1.3
v1.2
v1.1
v1.0
v0.3-beta
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
security

Security vulnerability

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: exozyme/exozyme#82
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?