Bind OPA server to localhost interface by default #6286
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue on Oct 11, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
Fixes: open-policy-agent#6286
Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue on Oct 12, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
Fixes: open-policy-agent#6286
Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit that referenced this issue on Oct 12, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
Fixes: #6286
Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue on Oct 17, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
This change also adds a new feature flag to `opa run` to allow users to enable future OPA v1.0 compatible behavior.
Fixes: open-policy-agent#6286
Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue on Oct 17, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
This change also adds a new feature flag to `opa run` to allow users to enable future OPA compatible behavior.
Fixes: open-policy-agent#6286
Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue on Oct 18, 2023
Currently OPA binds to the 0.0.0.0 interface by default, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.
This change also adds a new feature flag to `opa run` to allow users to enable future OPA compatible behavior.
Fixes: open-policy-agent#6286
Signed-off-by: Ashutosh Narkar <[email protected]>
By default, OPA binds to the 0.0.0.0 interface, which allows the OPA server to be exposed to services running outside of the same machine. Though not inherently insecure in a trusted environment, it's good practice to bind OPA to the localhost interface by default if OPA is not intended to be exposed to remote services.