Hacker News new | past | comments | ask | show | jobs | submit login

-1 from me. 'localhost' is an artifact of a model of network computing that is no longer relevant; it's a special case of the general antipattern of network-topology sensitive design.

Back in the bad old days only a single user on a physical computer could log into a windows domain, because it was possible look up what user (singular) was on a host. Of course domain logins were also exquisitely sensitive to the nature of the network between client and server as well. It was a nightmare. Localhost is a product of that kind of thinking.

One-per-host resources that have to be shared across all users, security perimeters, vms, containers, etc. are an unwelcome headache. Of course, real systems don't actually share a localhost between all of these things, resulting in the even goofier concept of "which localhost do you mean?" That question was exactly why site-local addressing was deprecated from ipv6 https://tools.ietf.org/html/rfc3879

An actually portable standard for resolving well-known local entities would be great, but more special cases to try to fix the doomed localhost idea is a move in the wrong direction.




I guess the authors understand that "localhost" is not an ideal authentication mechanism, however, the fact is that many application do use it as such. And the reason why they decided to come up with the RFC, to at least fix this on the level of DNS resolvers.

(And I am not sure this thinking will ever be dead, it's kind of extension of notion of "territory" for physical objects, and you can still pretty safely assume that whatever is in my home is my own.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: