List of blocked ports in Safari
One of my colleagues likes to use port 6667 for his development environment. As in, when he tests his code, he connects to a URL like https://dev.example.org:6667/
He recently noticed that Safari and Google Chrome restrict access to that port. Apparently when you allow a browser to connect to arbitrary ports, an attacker can craft a form that will submit arbitrary data to any port. I mean, duh, right? That’s why internet services should require authentication, something we’ve known since the 90s. But Mozilla’s page on the topic gives the example of submitting email directly to a mail server behind your firewall, which is apparently a problem for someone, somewhere. So they block a bunch of ports in the browser.
Since you can’t disable the port restrictions in WebKit (like you can in Firefox), developers should know which ports are blocked so that they don’t try to put web services on them. You can find the full list of restricted ports in Safari by looking at the WebKit source code file KURL.cpp. Search for “blockedPortsList”. It’s currently at line 1705, but that will change.
Looks like my colleague will need to pick a new favorite port number, like 5234 or something.
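A quick way to check a dev-server URL before committing to a port, as an added example that is not from WebKit or from this post's original code. The port set is an assumption: a snapshot modeled on the WHATWG Fetch "bad ports" list rather than a copy of KURL.cpp, and the function names are made up for illustration.

```javascript
// Assumption: snapshot modeled on the WHATWG Fetch "bad ports" list, not copied
// from WebKit's KURL.cpp. Regenerate it from the source of the browser you target.
const BLOCKED_PORTS = new Set([
  1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79,
  87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137,
  139, 143, 161, 179, 389, 427, 465, 512, 513, 514, 515, 526, 530, 531, 532,
  540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723,
  2049, 3659, 4045, 4190, 5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669,
  6679, 6697, 10080,
]);

const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// Resolve the port a browser would actually connect to for an http(s) URL.
function effectivePort(urlString) {
  const url = new URL(urlString);
  if (!(url.protocol in DEFAULT_PORTS)) {
    throw new Error(`unsupported scheme: ${url.protocol}`);
  }
  // URL.port is "" when the port is omitted or equals the scheme default.
  return url.port === "" ? DEFAULT_PORTS[url.protocol] : Number(url.port);
}

function isBlocked(urlString) {
  return BLOCKED_PORTS.has(effectivePort(urlString));
}

// Walk upward from `start` to the first port that is not on the blocked list.
function nextAllowedPort(start) {
  for (let p = start; p <= 65535; p++) {
    if (!BLOCKED_PORTS.has(p)) return p;
  }
  throw new Error("no allowed port at or above " + start);
}

// Check a list of dev-server URLs and report a replacement for each blocked one.
function auditDevUrls(urls) {
  return urls.map((u) => {
    const port = effectivePort(u);
    const blocked = BLOCKED_PORTS.has(port);
    return { url: u, port, blocked, suggestion: blocked ? nextAllowedPort(port + 1) : port };
  });
}
```

Running `auditDevUrls` over the URLs in a project's dev configuration catches a blocked port before anyone wonders why the browser refuses to load the page.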