This is the only advice in this threads that actually solves the issue. Doesn't ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

eeZi on Sept 2, 2016 | parent | context | favorite | on: How to steal a developer's local database

This is the only advice in this threads that actually solves the issue.

Doesn't have to be SELinux, any of the frameworks will do. Or run it in a new network namespace.

semi on Sept 2, 2016 [–]

Sort of. It solves this specific attack.

If you were attacking a local webapp interface instead of a non-http daemon like redis, you would need your browser to be able to access the web service. At that point, this kind of attack would still allow an attacker to also access that web service.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact