How secure is your localhost domain? Hint – it may not be what it says

According to the t-shirt ‘There’s no place like 127.0.0.1’ but one Google engineer queries just how secure this home is.

A Google engineer, Mike West, obviously doesn’t think that the 127.0.0.1 domain is secure enough. West has submitted a standards draft to the Internet Engineering Task Force (IETF) seeking to formalise treating localhost in a secure context.

In his draft, West wants to update RFC6761 so that the localhost domain and any names falling within it resolve to a loopback address. “This would allow other specifications to join regular users in drawing the common-sense conclusions that localhost means localhost” West insists “and doesn’t resolve to somewhere else on the network.”

Click here to read complete article

2 thoughts on “How secure is your localhost domain? Hint – it may not be what it says

  • August 11, 2017 at 8:06 AM
    Permalink

    Interesting read, but I’m left confused whether localhost is safe to use or not?

    Reply
  • August 11, 2017 at 8:39 AM
    Permalink

    To quote from the article itself: “The existing internet standard for localhost already permits applications to recognise this special name, and to force it to refer to the local computer” Ducklin told SC. And does so without relying on any other software further down in the system to make that choice.”

    So, in other words, yes it is safe to keep using localhost in the way it was intended. But ensure that you are doing so in a secure manner, as with all things…

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *