Commit
Security: listen on 127.0.0.1 (localhost) instead of 0.0.0.0 (public) (Chainlit#861)

To enhance the application's security, the default host configuration should be altered to 127.0.0.1. The current setting, 0.0.0.0, permits connections from any external IP address, thereby widening the attack surface. This could lead to several security vulnerabilities, such as:

* Denial of Service (DoS) Attacks: Attackers can inundate the system with an overwhelming number of requests, leading to service interruptions for legitimate users by exhausting the system's resources.
* Man-in-the-Middle (MitM) Attacks: The open access makes it feasible for attackers to intercept and manipulate communications between two parties covertly.

By changing the default host to 127.0.0.1, we limit connections exclusively to the local machine. This adjustment drastically minimizes these security risks and reinforces the application's defenses against potential cyber threats.
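The commit message describes a default bind address change but the page shows no code for it. The following is an added example, written for this page and not Chainlit's own code, of how a server can classify a configured bind address, apply 127.0.0.1 as the safe default, refuse an all-interfaces bind unless the operator opts in explicitly, and verify the address the kernel actually bound. The function names (`classify_bind_address`, `resolve_bind_host`, `bound_address_is_loopback`), the `allow_public` flag and the `DEFAULT_HOST` constant are assumptions for illustration; the project may name and wire these differently.

```python
import ipaddress
import socket
from typing import Optional

# Added example, not Chainlit's code. The hardened default the commit argues for.
DEFAULT_HOST = "127.0.0.1"


def classify_bind_address(host: str) -> str:
    """Return 'all-interfaces', 'loopback' or 'single-interface' for a bind host.

    '' and '0.0.0.0' / '::' mean INADDR_ANY / in6addr_any to the socket API,
    i.e. every interface on the machine, which is what the commit moves away from.
    """
    if host == "":
        return "all-interfaces"
    if host == "localhost":
        # Resolved by the local resolver to a loopback address on sane hosts.
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal IP: resolve the hostname and classify the first answer.
        try:
            resolved = socket.getaddrinfo(host, None)[0][4][0]
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve bind host {host!r}") from exc
        addr = ipaddress.ip_address(resolved)
    if addr.is_unspecified:   # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:      # 127.0.0.0/8 or ::1
        return "loopback"
    return "single-interface"  # one routable interface, still reachable by others


def resolve_bind_host(configured: Optional[str], allow_public: bool = False) -> str:
    """Apply the safe default and refuse a non-loopback bind without explicit opt-in.

    `allow_public` is an assumed opt-in flag (e.g. wired to a CLI option or
    environment variable), so an operator who really wants 0.0.0.0 can still get it.
    """
    host = DEFAULT_HOST if configured is None else configured
    if classify_bind_address(host) != "loopback" and not allow_public:
        raise ValueError(
            f"refusing to bind to {host!r}: it is reachable from other hosts; "
            "set allow_public=True to opt in"
        )
    return host


def bound_address_is_loopback(host: str) -> bool:
    """Bind a TCP socket on an ephemeral port and check the kernel-reported address.

    This is the runtime check: it does not trust the config string, it asks the OS
    which address the listening socket ended up on.
    """
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.bind((host, 0))  # port 0: let the kernel pick a free port
        bound_ip = s.getsockname()[0]
    return ipaddress.ip_address(bound_ip).is_loopback


if __name__ == "__main__":
    for candidate in ("0.0.0.0", "::", "127.0.0.1", "::1", "localhost", "10.0.0.5"):
        print(f"{candidate:>10} -> {classify_bind_address(candidate)}")
    print("default host:", resolve_bind_host(None))
    print("127.0.0.1 bound to loopback:", bound_address_is_loopback("127.0.0.1"))
    print("0.0.0.0 bound to loopback:", bound_address_is_loopback("0.0.0.0"))
```

Note that a single routable address such as 10.0.0.5 is classified as `single-interface` rather than `loopback`, so `resolve_bind_host` refuses it too without the opt-in: binding to one LAN interface is narrower than 0.0.0.0 but is still reachable from other hosts, which is the exposure the commit message is about.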