Pacharapol Withayasakpunt

How do YOU secure your remote database?

The simplest example would be MongoDB Atlas. Which IP addresses do you allow in development? (Why can't it be secured by SSH in development? Also, considering you work on the move, using a mobile hotspot, how do you deal with it?)

A harder example is a self-managed DO droplet / VPS. How much do you allow for ufw allow $PORT/tcp, or ufw allow from $IP to any proto tcp port $PORT?

At least in Postgres + DigitalOcean, I have to allow in three (3) places.

```
# /etc/postgresql/12/main/pg_hba.conf
host all all 0.0.0.0/0 md5
```

My setting is actually host $DB $USER 0.0.0.0/0 md5, but what the heck is a subnet mask?

```
# /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
```

```
sudo ufw allow 5432/tcp
```

But, isn't ALLOW ALL just bait for security hell?
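
On the subnet-mask question, here is an added example (not part of the original post) that parses `pg_hba.conf` host rules and reports how many client addresses each rule's mask admits. The sample file, the function names and the 256-address threshold are assumptions constructed for illustration.

```python
import ipaddress

# pg_hba.conf record types that match TCP/IP connections.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample file (documentation address ranges), not a real server's config.
SAMPLE = """\
# TYPE  DATABASE USER    ADDRESS                    METHOD
host    all      all     0.0.0.0/0                  md5
host    appdb    appuser 203.0.113.7/32             scram-sha-256
hostssl appdb    appuser 198.51.100.0 255.255.255.0 scram-sha-256
local   all      postgres                           peer
"""

def parse_hba_line(line):
    """Return (db, user, network, method) for a TCP rule with an IP range, else None."""
    fields = line.split("#", 1)[0].split()   # simplification: ignores quoted fields
    if len(fields) < 5 or fields[0] not in HOST_TYPES:
        return None
    db, user, addr = fields[1:4]
    try:
        if "/" in addr:                      # CIDR form, e.g. 203.0.113.7/32
            net, method = ipaddress.ip_network(addr, strict=False), fields[4]
        elif len(fields) >= 6:               # separate IP-address and IP-mask columns
            net = ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False)
            method = fields[5]
        else:
            return None
    except ValueError:                       # host name, samehost, samenet, all
        return None
    return db, user, net, method

def audit(text, max_hosts=256):
    """List rules whose mask admits more than max_hosts client addresses."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_hba_line(line)
        if rule and rule[2].num_addresses > max_hosts:
            # /N fixes the first N bits, so a range holds 2**(32 - N) IPv4 addresses.
            findings.append((lineno, str(rule[2]), rule[2].num_addresses, rule[3]))
    return findings

if __name__ == "__main__":
    for lineno, net, count, method in audit(SAMPLE):
        print(f"line {lineno}: {net} admits {count} addresses ({method})")
```

With a `/0` mask no bits of the client address are fixed, so the rule matches every IPv4 address; a `/32` rule matches exactly one.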
