nostr:npub1d0npefkxtfkcptjdawvwkfu58japhjfaljt4hqtpq2xqn8pt2nwqdjahqw nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 this is correct (and what I would recommend to a client/org) but this is a hard sell for FOSS projects where you don’t control the OS or network layer. Best OSS projects can do is include a bunch of init runtime checks for the vulns and warn that external (to the software) config changes need to be made for security.

Then you get 9,999 GitHub tickets asking “how do I enable DNS rebind protection for


Discussion

no real way to protect against dns rebinding in a standard web app codebase unfortunately, it's a system-level issue. would have to handle dns resolution in the app itself which is impractical
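What handling DNS resolution in the app itself involves, as an added example that is not part of the thread: it assumes the concern is outbound requests to a user-supplied hostname, and resolves once, rejects any non-public answer, then connects to the vetted IP so no second lookup can return something different. All function names are hypothetical and the flipping resolver is a constructed stand-in for a rebinding DNS server.

```python
import ipaddress
import socket


def resolve_all(host, port):
    """Default resolver: every A/AAAA address the OS returns for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)      # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def pin_destination(host, port, resolver=resolve_all):
    """Resolve once, vet every answer, return the single IP to connect to."""
    addrs = resolver(host, port)
    if not addrs:
        raise ValueError(f"{host}: no addresses")
    blocked = [a for a in addrs if not is_public(a)]
    if blocked:
        raise PermissionError(f"{host} resolves to non-public address(es): {blocked}")
    return addrs[0]


def connect_pinned(host, port, resolver=resolve_all, timeout=5.0):
    """Connect to the vetted IP; the hostname is never resolved a second time."""
    ip = pin_destination(host, port, resolver)
    return socket.create_connection((ip, port), timeout=timeout)


def flipping_resolver():
    """Constructed sample: public answer on the first lookup, loopback on the next."""
    answers = iter([["8.8.8.8"], ["127.0.0.1"]])
    return lambda host, port: next(answers)
```

For HTTPS the original hostname still has to be supplied for SNI, certificate verification and the Host header, which is the part most HTTP client libraries make awkward.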