🎙️
11

TIL that local dev server setup I had been using for 2 years was wrong

My buddy Dave, who's been coding for 5 years, looked at my laptop last night and pointed out I'd been running my test server on a shared port that could let other people on my wifi see my code. He said 'you're basically leaving your front door open with a sign that says come look at my unfinished work.' Has anyone else missed something basic like this for way too long?
3 comments

Log in to join the discussion

Log In
3 Comments
cole994
cole99419d ago
Wait are you running on something like port 3000 with 0.0.0.0 bind instead of localhost? I did this exact same thing for about a year. The fix is super simple, just change that host setting from 0.0.0.0 to 127.0.0.1 or localhost and it locks everything down to your machine only. Also check your firewall settings too, just in case you accidentally allowed that port through public networks (I definitely did, oops).
8
keith_rivera19
Ngl I did the exact same thing with a Node app a while back and had my whole dev server exposed to the world for like three months without realizing it. Thought I was being all clever with 0.0.0.0 bind so my phone could test stuff on the same WiFi, then my buddy texted me a screenshot of my local app page and I almost choked on my coffee. Firewall settings were a mess too, I had port 3000 wide open on public networks like an idiot. Guess I figured nobody would randomly scan my IP? Joke was on me.
1
shanem37
shanem3719d ago
Honestly man, cole994 said "the fix is super simple" but I'm wondering how many people actually bother to check that stuff before it becomes a problem. Like, when you first set up your dev environment, are you even thinking about security at all? I bet most people just grab a boilerplate config and roll with whatever defaults are in there. So my question is, did you ever actually test if someone outside your wifi could hit that port, or did you just assume you were safe because "nobody cares about my unfinished project"? Because I feel like that mindset is exactly how people end up with their entire database exposed on the internet for months.
1