Peter Hansen <peter at engcorp.com> wrote in message news:<3F13034D.19A4C65 at engcorp.com>... > > If this is merely a "local webserver interface", then it should bind > to localhost only. Well, maybe this is how the question should be phrased. How best to securely and reliably "bind to localhost only" (spoof-proofly, etc.)?