Timeline for Why should we not use port 80 during development?
Current License: CC BY-SA 4.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 25, 2021 at 9:00 | history | tweeted | twitter.com/StackSoftEng/status/1452560582532546560 | ||
| Oct 21, 2021 at 8:16 | vote | accept | Antony Woods | ||
| Oct 20, 2021 at 18:19 | answer | added | JimmyJames | timeline score: 4 | |
| Oct 20, 2021 at 17:53 | comment | added | JimmyJames | @RobertHarvey Maybe I'm missing something but from what I can tell, a port needs to be exposed regardless. The question is whether that port is bound to one that requires root access. The 'right way', as I understanding it is to bind and then change the owner of the process to a user with minimized privileges. I don't see why you couldn't do that in development. I can understand why you wouldn't want to bother with that though. | |
| Oct 20, 2021 at 17:08 | comment | added | Robert Harvey | @JimmyJames: The principle there is that the development environment should be a "safe" one. Why expose public ports unnecessarily? This is, of course, also true of production environments, but the developer really shouldn't have to worry about being hacked in a development environment. | |
| Oct 20, 2021 at 15:35 | comment | added | JimmyJames | @amon I would argue that running any server as root is a security risk. It greatly increases the potential impact of a vulnerability. The idea that doing it in development is somehow worse in than in production seems strange to me. | |
| Oct 20, 2021 at 14:42 | comment | added | Robert Harvey | @amon: That's as good an answer as any. | |
| Oct 20, 2021 at 14:41 | history | edited | Robert Harvey | CC BY-SA 4.0 |
edited tags
|
| Oct 20, 2021 at 14:39 | comment | added | Vincent Savard | @AntonyWoods Your question concerns software engineering practices, is concise, and is clear, so +1 from me. If anything, you might want to juggle a bit with your tags as they all seem to be quite inactive (I'm not sure which one would be better, but I'd at least remove [nginx] as it does not seem relevant to your question). | |
| Oct 20, 2021 at 14:01 | comment | added | Antony Woods | I have no idea why this question is being downvoted. Please can you elaborate in the comments? | |
| Oct 20, 2021 at 12:35 | review | Close votes | |||
| Oct 25, 2021 at 3:04 | |||||
| Oct 20, 2021 at 11:25 | history | edited | Antony Woods | CC BY-SA 4.0 |
noted that nginx is containerised
|
| Oct 20, 2021 at 11:09 | comment | added | amon | That ports < 1024 are reserved for root is not a historic limitation, it's still the case. You'd have to run your development nginx as root to bind to that port. Running development workloads as root is a bad idea, since misconfigurations could break the system. This probably doesn't matter if you're running nginx in a container though. | |
| Oct 20, 2021 at 10:56 | history | asked | Antony Woods | CC BY-SA 4.0 |