According to the t-shirt, ‘There’s no place like 127.0.0.1’, but one Google engineer queries just how secure this home is.
A Google engineer, Mike West, obviously doesn’t think that the 127.0.0.1 address is secure enough. West has submitted a standards draft to the Internet Engineering Task Force (IETF) seeking to formalise how localhost is treated in a secure context.
In his draft, West wants to update RFC 6761 so that the localhost domain and any names falling within it resolve to a loopback address. “This would allow other specifications to join regular users in drawing the common-sense conclusions that localhost means localhost,” West insists, “and doesn’t resolve to somewhere else on the network.”
Interesting read, but I’m left confused whether localhost is safe to use or not?
To quote from the article itself: “The existing internet standard for localhost already permits applications to recognise this special name, and to force it to refer to the local computer,” Ducklin told SC. “And does so without relying on any other software further down in the system to make that choice.”
So, in other words, yes it is safe to keep using localhost in the way it was intended. But ensure that you are doing so in a secure manner, as with all things…
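The behaviour discussed above, sketched as an added example (not code from the article or from West's draft): an application recognises `localhost` and any name under it and maps it to loopback itself, without asking the resolver, and separately checks whether a given resolver would have answered with a loopback address. The function names and the injected `resolver` parameter are hypothetical; the default is the standard library's `socket.getaddrinfo`.

```python
import ipaddress
import socket

# Loopback addresses an application may hard-wire for localhost names.
LOOPBACK = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")]


def is_localhost_name(host: str) -> bool:
    """True for 'localhost' and any name falling within it (e.g. 'app.localhost.')."""
    name = host.lower()
    if name.endswith("."):          # tolerate a fully-qualified trailing dot
        name = name[:-1]
    return name == "localhost" or name.endswith(".localhost")


def _addresses(infos):
    """Extract the distinct IP addresses from getaddrinfo-style tuples."""
    return sorted({ipaddress.ip_address(info[4][0]) for info in infos}, key=str)


def resolve(host: str, resolver=socket.getaddrinfo):
    """Resolve host; localhost names never reach the resolver at all."""
    if is_localhost_name(host):
        return list(LOOPBACK)
    return _addresses(resolver(host, None))


def resolver_maps_localhost_to_loopback(resolver=socket.getaddrinfo) -> bool:
    """Audit check: does this resolver answer 'localhost' with loopback only?"""
    try:
        addrs = _addresses(resolver("localhost", None))
    except OSError:
        return False
    return bool(addrs) and all(a.is_loopback for a in addrs)


if __name__ == "__main__":
    print("app.localhost ->", resolve("app.localhost"))
    print("system resolver keeps localhost local:",
          resolver_maps_localhost_to_loopback())
```

Names such as `localhost.example.com` or `notlocalhost` are not matched, because only the final label (or labels ending in `.localhost`) place a name inside the localhost domain.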