Comment 2 for bug 234629
Revision history for this message
| Ralph Corderoy (ralph-inputplus) wrote Re: [Bug 234629] Re: supybot !web title leaks LAN HTTP servers to the channel | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
4d1350f
(Get the code!)
Hi bascule, thanks for pointing out the regex but it's hard or
impossible to concoct one that stops LAN access. Blocking numeric IP
addresses isn't sufficient. I argee this plugin is dangerous by default
and yet nowhere in the documentation, or during selection of this
plugin, does it warn the user to consider whether their network set-up
would be vulnerable. I think that's a bug that needs addressing.
Chatting on the supybot channel, I was told it should be obvious to
anyone that this can happen and that's what network DMZs exist for.
Well, it wasn't obvious to me since there's a lot of plugins and
considering the security implementations of each of them would take
hours.