Skip to content

Commit

Permalink
doc: revise inspect security info in cli.md
Browse files Browse the repository at this point in the history
Revise inspect security information in cli.md.

* Reword sentence for brevity.
* Use bulleted list for clarity of options.
* Eliminate personal pronoun (_you_) per style guide.

PR-URL: #25779
Reviewed-By: Vse Mozhet Byt <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
  • Loading branch information
Trott authored and addaleax committed Feb 1, 2019
1 parent fd98d62 commit accb8ae
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions doc/api/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -246,9 +246,10 @@ Binding the inspector to a public IP (including `0.0.0.0`) with an open port is
insecure, as it allows external hosts to connect to the inspector and perform
a [remote code execution][] attack.

If you specify a host, make sure that at least one of the following is true:
either the host is not public, or the port is properly firewalled to disallow
unwanted connections.
If specifying a host, make sure that either:

* The host is not accessible from public networks.
* A firewall disallows unwanted connections on the port.

**More specifically, `--inspect=0.0.0.0` is insecure if the port (`9229` by
default) is not firewall-protected.**
Expand Down

0 comments on commit accb8ae

Please sign in to comment.