-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Epic Link:
As we start to roll out pilots on hardware that is not owned by, we should audit all of the HTTP and WebSockets endpoints exposed by the architecture, and make sure that
i) at the very least, they only listen on localhost interfaces,
ii) preferably, remove them in a production configuration and replace them with either IPC or direct function calls.
Our HTTP-based user listener interface was primarily intended for development purposes - both for ourselves, and as an assistance to people developing new varieties of user listener.
Currently known services:
i) user listeners
ii) the PSP channel
iii) the "browser channel"