From 94dfa9541934d0cfd52da5fa4ec19b4c62592edd Mon Sep 17 00:00:00 2001
From: Martin Rauscher
Date: Sun, 26 Apr 2015 18:03:06 +0200
Subject: [PATCH] Prevent ALL access to $SYS from outside localhost.

The structure of $SYS is pretty well known or can be guessed and can contain non-public information and therefore should be protected.
---
 rel/files/acl.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rel/files/acl.config b/rel/files/acl.config
index 0d8962d49..e17d28cef 100644
--- a/rel/files/acl.config
+++ b/rel/files/acl.config
@@ -20,7 +20,7 @@
 {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
-{deny, all, subscribe, [{eq, "$SYS/#"}, {eq, "#"}]}.
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
 {allow, all}.
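Review bot: The new deny rule still covers only `subscribe`, so a publish to a `$SYS/...` topic from a non-local client falls through to the closing `{allow, all}.` and the subject's "ALL access" is not met for writes. If that is not intended, split the rule into `{deny, all, pubsub, ["$SYS/#"]}.` followed by `{deny, all, subscribe, [{eq, "#"}]}.`, which keeps the literal `#` restriction subscribe-only. The `{eq, "#"}` entry matches only the exact filter `#`, so whether other wildcard filters can receive `$SYS` messages depends on how the broker treats `$`-prefixed topics; a test confirming that would be worth adding. A comment above the rule, such as `%% "$SYS/#" is matched as a filter (all $SYS topics); {eq, "#"} matches only the literal filter`, would record why the two entries differ. Any rules earlier than line 20 of the file are outside this hunk and may change the picture.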