[Webkit-unassigned] [Bug 51364] Web Inspector: Remote Web Inspector for platform/mac
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 21 11:05:30 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51364
--- Comment #16 from Ilya Tikhonovsky <loislo at chromium.org> 2010-12-21 11:05:30 PST ---
(In reply to comment #15)
> (In reply to comment #14)
> > Looks like you are enabling remote debugging at the system level.
> > I think in that case it'd be better to bind the socket only to localhost.
> > Otherwise it will be a security hole.
>
> That is something I've considered. However are there any specific concerns?
> Limiting remote debugging to localhost really limits its usefulness. My idea
> is that users would turn such a feature on and off as needed, and not leave
> it on all the time. And if they turn it on, it would be so they could debug
> from a different machine, not the local machine. But if the desire is to get
> the feature tested more thoroughly I would agree with that.
I mean the following use case:
1) the developer turn on this flag and forget about it forever;
2) someone with help of a port scanner finds such safari and steals cookies etc directly from the browser;
for cross machine debugging you can use ssh port forwarding etc.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list