Describe the bug
Currently the installer-provided server-start script runs starman with 0.0.0.0 as the listen address.
On which operating system
on all supported systems
How did you invoke the installer (full installer command line)
./ledgersmb-installer install
To Reproduce
Steps to reproduce the behavior:
- run the installer
- run ledgersmb/server-start
- non-SSL access to LedgerSMB server is now available to all devices that can access any IP of the local machine.
- this is bad, especially if on a public wifi network etc.
Expected behavior
LedgerSMB server should only be available on the local machine unless the user is warned about the risks and explicitly chooses to override that behaviour.
Convenience is never an excuse for poor security practices, but the user is GOD, and may shoot themselves in the foot anytime they choose, but that should require them to override default behaviour.
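
A check for the exposure this issue describes, added here as an example and not part of the original issue or the LedgerSMB installer: it reads `ss -H -ltn` output and prints every TCP listener bound to something other than loopback. The sample lines and port 5762 are constructed assumptions; substitute the port your server-start script uses.

```shell
#!/bin/sh
# Added example: list TCP listeners that other hosts can reach.
# Reads `ss -H -ltn` style lines on stdin; optional $1 limits output to one port.
# Live use:  ss -H -ltn | exposed_listeners 5762   (5762 is an assumed port)
exposed_listeners() {
    awk -v want="${1:-}" '
    $1 == "LISTEN" {
        host = $4; port = $4
        sub(/^.*:/, "", port)          # text after the last colon is the port
        sub(/:[0-9]+$/, "", host)      # drop ":port" from the local address
        sub(/%.*$/, "", host)          # drop interface scope (127.0.0.53%lo)
        gsub(/\[|\]/, "", host)        # drop IPv6 brackets
        if (want != "" && port != want) next
        # Loopback binds are reachable from the local machine only.
        if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
        print $4                       # wildcard or routable bind: exposed
    }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:5762       0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128            [::1]:631           [::]:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096               *:8080             *:*
EOF
}

# Stand-alone run: print the exposed listeners found in the sample.
sample_ss_output | exposed_listeners
```

An empty result for the server's port means the listener is bound to loopback only, which is the default behaviour the issue asks for.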