Make opening port secure
bstone opened this issue · comments
We need to make sure this process is secure. I am going to talk to our network specialist.
As mentioned in the above reference, I have made the connection more secure. But I have to make a black list to prevent evil people from getting on the machine and running bad commands. In particular in the openServer
method, we need to create a simple test that will not allow people to define the variable data
with a runnable string, ie data = run "rm -rf ./"
. The reason for this is that we call value data
and value
is a dangerous method.
Forcing the connection to be on local host reduces the possibility of an attack, but it is still possible, especially on a server.