check_binding_security

turbomcp_server::security_checks

Function check_binding_security 

Source 
pub fn check_binding_security<A: ToSocketAddrs + Debug>(addr: &A)
Expand description

Check if binding address is 0.0.0.0 (all interfaces)

Binding to 0.0.0.0 exposes the server on all network interfaces, which can be a security risk if authentication is not enabled.

This function:

  • Logs WARN if binding to 0.0.0.0 (all interfaces)
  • Silent for localhost bindings (127.0.0.1, ::1) - safe by default

§Security Guidance

§Production Deployment (NEVER use 0.0.0.0 without these)

  1. Enable Authentication:

    use turbomcp_server::ServerBuilder;

let server = ServerBuilder::new()
    .name("MyServer")
    .with_auth(auth_provider) // ✅ Required for 0.0.0.0
    .build();

  2. Use Specific Interface (Better):

    # Bind to specific private IP
server.run_http("10.0.1.5:8080").await?;

  3. Use Reverse Proxy (Best):

    # Bind to localhost, expose via nginx/traefik
server.run_http("127.0.0.1:8080").await?;

§Why 0.0.0.0 is Risky

  • Exposes on ALL network interfaces (eth0, wlan0, docker0, etc.)
  • Accessible from any network the host is connected to
  • Docker containers can access if not firewalled
  • Vulnerable to network-level attacks if firewall misconfigured

§When 0.0.0.0 is Acceptable

  • Local development with authentication enabled
  • Behind a firewall or in isolated network
  • Using a reverse proxy for TLS termination

§Example

use turbomcp_server::security_checks::check_binding_security;

// Safe: localhost binding
check_binding_security("127.0.0.1:8080", true);  // No warning

// Warning: all interfaces with auth
check_binding_security("0.0.0.0:8080", true);   // WARN log

// Error: all interfaces without auth
check_binding_security("0.0.0.0:8080", false);  // ERROR log