[wp-trac] [WordPress Trac] #56141: Enhance installer security
WordPress Trac
noreply at wordpress.org
Mon Sep 4 17:16:55 UTC 2023
#56141: Enhance installer security
--------------------------+-----------------------------
Reporter: smitka | Owner: (none)
Type: enhancement | Status: new
Priority: high | Milestone: Future Release
Component: Security | Version:
Severity: major | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+-----------------------------
Comment (by Michi91):
The localhost and 127.0.0.1 are allowed by default.
What about allowing all Private Address Spaces?
[https://www.rfc-editor.org/rfc/rfc1918 rfc1918]
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
My preferred hoster has the MySQL servers separated in 10.x.x.x and I can
imagine that there are quite a lot of hosters with the scheme.
Hosters could overwrite this default setting with the env variable if they
would like to be more specific (and to make sure that the bad guys don't
rent db-servers at the hoster for site specific attacks)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56141#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
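
A sketch of the default allowlist proposed in the comment above, added here as an example; it is not code from the ticket or from WordPress core. The environment variable name `WP_INSTALLER_ALLOWED_DB_NETS` and all function names are hypothetical, and only IPv4 hosts with an optional `:port` suffix are handled.

```php
<?php
// Added example: loopback plus the three RFC 1918 ranges as the default allowlist.
const DEFAULT_ALLOWED_NETS = ['127.0.0.1/32', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];

// True if $ip lies inside $cidr (IPv4 only); malformed input is rejected.
function ipv4_in_cidr(string $ip, string $cidr): bool {
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || (int) $parts[1] > 32) {
        return false;
    }
    $net  = ip2long($parts[0]);
    $addr = ip2long($ip);
    if ($net === false || $addr === false) {
        return false;
    }
    $mask = -1 << (32 - (int) $parts[1]); // e.g. /12 keeps the top 12 bits
    return ($addr & $mask) === ($net & $mask);
}

// Hosters can narrow or replace the defaults with a comma-separated CIDR list.
function allowed_db_networks(): array {
    $override = getenv('WP_INSTALLER_ALLOWED_DB_NETS'); // hypothetical variable name
    if ($override === false || trim($override) === '') {
        return DEFAULT_ALLOWED_NETS;
    }
    return array_map('trim', explode(',', $override));
}

// A host passes only if every address it resolves to is inside an allowed network.
function db_host_allowed(string $host): bool {
    $name = preg_replace('/:\d+$/', '', $host); // drop an optional ":port"
    $ips  = filter_var($name, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
        ? [$name]
        : gethostbynamel($name);
    if (empty($ips)) {
        return false; // unresolvable or non-IPv4: block
    }
    $nets = allowed_db_networks();
    foreach ($ips as $ip) {
        $hits = array_filter($nets, fn($cidr) => ipv4_in_cidr($ip, $cidr));
        if (count($hits) === 0) {
            return false;
        }
    }
    return true;
}

// Constructed sample hosts; 172.32.0.1 and 192.169.0.1 sit just outside the private ranges.
foreach (['127.0.0.1', '10.20.30.40:3306', '172.31.255.255', '172.32.0.1', '192.169.0.1', '203.0.113.7'] as $h) {
    printf("%-18s %s\n", $h, db_host_allowed($h) ? 'allowed' : 'blocked');
}
```

Because a hostname can resolve differently between this check and the actual connection, the connection should be made to the address that was checked rather than to the name.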