
Lyle

02/24/2020, 2:36 AM
Anyone see any value in making the default CIDR (0.0.0.0/0) a bit stricter for default dagster-aws? You could prompt via click with something like:
1) 0.0.0.0/0
2) whatever ip detected via requests.get("https://wikipedia.com").headers.get('X-Client-IP')
3) enter IP(s)
I don’t mind throwing up a PR, but wanted to make sure there was interest. I get there’s a decent disclaimer in the docs, but people forget this stuff is up and all sorts of other human things.

nate

02/24/2020, 3:27 AM
yeah that sounds reasonable - assume you’re thinking of detecting the user’s IP somehow and plugging that in there?

Lyle

02/24/2020, 3:33 AM
Yeah, there are sites designed more for “hit me and i’ll give you the ip you’re requesting with in json” but i’ve always used the above wikipedia trick. Something about my precious little packets going to some stranger like that… open to suggestions, though. In the end, you’re correct. The endgame is to give a default install a chance at being secure. I really like the project, and i really don’t want bad press over someone leaving an install open and something happening, either.
Looks like I should snatch the patch off of https://dagster.phacility.com/D2105 (phacility is neat…) just to be safe (doesn’t look like i can get to that branch?). I’ll just wait until this goes in. Cheers. Hopefully i can contribute something a bit more important one day soon (been combing through issues…) 😬

nate

02/24/2020, 4:10 AM
yes, I should be able to get that in by tomorrow - there’s a way to pull the phab branch from github based on the diff ID, but I’m AFK now and don’t remember exactly where to find the right ID to pull :)

alex

02/24/2020, 3:42 PM
you can grab the commits directly from the Commits tab in the Revision Content section on the diff page in phabricator
👍 1