|
|
|
|
|
|
by PeterisP
4712 days ago
|
|
|
Can you elaborate on why you equate this localtunnel to "removing all security" ? I haven't tried it, but it seems to forward a single port that's running service X that I want to make available on the net. Any way whatsoever of fulfilling that need (no matter if it's one button click or setting up a separate VM for that service) would involve making a hole in all relevant firewalls and making the (possibly buggy) service X available to everyone. Is the user goal of "making service X available to everyone" bad in itself? |
|
|
When you allow public connections to a service running on a machine, security for that entire machine now largely depends on that service. Are you 100% sure that your copy of Apache or Nginx is patched up to date? That the web app you just coded up won't allow arbitrary command execution? That the OS has no local privilege escalation vulnerabilities?
If you are using a web host or VPS, the risk is limited to the code you're testing. You could lose the whole machine and it's no big deal.
But if you've exposed your personal machine--with all your documents, files, settings, etc.--then you've got a lot more to lose if a bad guy gets in. Worst case is a rootkit install that collects all your passwords and sends them out.