Hi,
after installing DB Connect and configuring it, I now have Java listening on all interfaces (Port 9999, 1090).
How can this be restricted to localhost?
thx
afx
What a crazy oversight, right? This isn't just some authenticated port that you can't do anything with or something someone would ever actually normally connect to from the outside. No, this thing opens up a very direct tunnel into the java server to the whole network using the Splunk custom command protocol. What?!?!
Splunk has been negatively impressing me regarding everything surrounding custom search commands (the DB Connect commands are implemented as such) and DB Connect is an especially hard-to-predict-hard-to-debug example.
While I can't answer your question directly, I can tell you what didn't work for me. I was hoping that setting the vmopts option -Daddress=127.0.0.1 or -Dserver.address=127.0.0.1 would help, since that's what works for some Spring Boot applications (which I'm not sure DB Connect is, but it might be).
Perhaps firewalling would work or network namespaces/containerization.
Hello everyone,
this topic is a bit older, but still relevant. I have opened a support case regarding this issue and discussed this security-related misconfiguration with the support team and developers. The result is that DB Connect version 4.2 will introduce a bindHost parameter for the DB Connect query server port to bind it to localhost. In addition, consideration is being given to encrypting communication via the query server port using TLS in future versions.
Regards,
SplunkingKnight