076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Olivier Forget (teleclimber@social.tchncs.de)'s status on Friday, 13-Jan-2023 05:58:09 JST Olivier Forget Olivier Forget
    • Deno

    #Deno is great but one fail is the design of the --allow-net flag.

    As best I can tell you can not allow outbound requests to arbitrary hosts and ports without allowing the script to create *listeners* on any IP and port. Yikes.

    I raised an issue about this in 2019(!) and it was stale-botted into oblivion.

    https://github.com/denoland/deno/issues/2705

    In a server environment, letting a script creeate listeners is really not a good #security practice...

    @deno_land any thoughts?

    In conversation Friday, 13-Jan-2023 05:58:09 JST from social.tchncs.de permalink

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.