rho web prints:
Rho web running at http://localhost:3141
but the server actually binds to 0.0.0.0, so it is reachable on other interfaces too (for example the machine’s public/static IP), not just localhost.
This is misleading and can create a security footgun, because users may assume the UI is only locally accessible.
I imagine the better UX would be to bind to localhost by default, and add a separate--host option
rho webprints:but the server actually binds to
0.0.0.0, so it is reachable on other interfaces too (for example the machine’s public/static IP), not just localhost.This is misleading and can create a security footgun, because users may assume the UI is only locally accessible.
I imagine the better UX would be to bind to localhost by default, and add a separate
--hostoption