Security considerations

The CodeChat System performs most of its work using the CodeChat Server. This page discusses the security implications of running this server.

The server listens on three ports, as listed in the Developer documentation:

These ports should never be exposed publicly: they give an attacker significant access to the underlying computer's filesystem. To mitigate this risk, the CodeChat Server by default accepts connections only from the computer it runs on, by binding only the LOCALHOST address defined in constants.py - Constants.

However, the server also supports an optional insecure mode, in which it bypasses this protection by allowing connections from any computer. For example, the Visual Studio Code CodeChat extension can run in a remote Docker container using the VS Code Remote Development toolset. In this mode, any attacker able to connect to these ports gains access to the server's filesystem.
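The difference between the default and insecure modes comes down to which address the listening sockets are bound to. The following is an added example, not code from the CodeChat project: it shows a loopback-only bind next to a wildcard bind, plus a small audit function a deployer can run to confirm that no listener is reachable from the network. The constant names, the listener names and the port numbers are constructed for the example; the project's real values live in its constants.py.

```python
import ipaddress
import socket

# Assumption: these mirror the page's description of the server binding only
# LOCALHOST by default; the real values are defined in the project's constants.py.
LOCALHOST = "127.0.0.1"
INSECURE_BIND_ADDRESS = "0.0.0.0"  # wildcard bind: the insecure mode's behaviour


def is_loopback_only(bind_address: str) -> bool:
    """Return True if a listener bound to bind_address is reachable only from this host.

    A wildcard address ("", "0.0.0.0", "::") or any non-loopback address means
    other machines on the network can connect.
    """
    if bind_address in ("", "0.0.0.0", "::"):
        return False
    if bind_address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind_address).is_loopback
    except ValueError:
        # An unrecognised hostname may resolve to a routable address; treat as exposed.
        return False


def audit_listeners(listeners):
    """Given (name, bind_address, port) tuples, return those exposed beyond localhost."""
    return [(name, addr, port) for name, addr, port in listeners
            if not is_loopback_only(addr)]


def open_listener(bind_address: str, port: int = 0):
    """Bind a TCP listening socket and return (socket, address actually bound).

    port=0 lets the OS choose a free port so the demonstration never conflicts
    with a running server.
    """
    family = socket.AF_INET6 if ":" in bind_address else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_address, port))
    sock.listen(1)
    return sock, sock.getsockname()[0]


# Constructed sample: three listeners, one of which was left in insecure mode.
SAMPLE_LISTENERS = [
    ("editor-plugin", LOCALHOST, 5001),
    ("render-client", LOCALHOST, 5002),
    ("websocket", INSECURE_BIND_ADDRESS, 5003),
]

if __name__ == "__main__":
    for name, addr, port in audit_listeners(SAMPLE_LISTENERS):
        print(f"EXPOSED: {name} listens on {addr}:{port}")
    sock, bound = open_listener(LOCALHOST)
    print(f"default-mode listener bound to {bound} "
          f"(loopback only: {is_loopback_only(bound)})")
    sock.close()
```

Running the audit against a live deployment is a matter of feeding it the actual bind addresses (for example from the process's own configuration or from `ss -ltnp` output); any listener reported as exposed is one that must sit behind a firewall or be switched back to the loopback address.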

To improve security, never expose these ports publicly.