注意:绑定检查器到公共的“IP:端口”组合是不安全的


将检查器绑定到具有开放端口的公共 IP(包括 0.0.0.0)是不安全的,因为它允许外部主机连接到检查器并执行远程代码执行攻击。

如果指定主机,请确保:

  • 无法从公共网络访问该主机。
  • 防火墙不允许端口上不需要的连接。 更具体地说,如果端口(默认情况下为 9229)不受防火墙保护,则 --inspect=0.0.0.0 是不安全的。

有关详细信息,请参阅调试安全隐患章节。

Binding the inspector to a public IP (including 0.0.0.0) with an open port is insecure, as it allows external hosts to connect to the inspector and perform a remote code execution attack.

If specifying a host, make sure that either:

  • The host is not accessible from public networks.
  • A firewall disallows unwanted connections on the port.

More specifically, --inspect=0.0.0.0 is insecure if the port (9229 by default) is not firewall-protected.

See the debugging security implications section for more information.