Ditch Electron: Securing Local Socket Communications using Opaque Tokens

Part 3 of the ERTH Architecture Series: Preventing port-scanning attacks and local socket hijacking in multi-process desktop apps.

In the second part of this series, we built a self-healing Watchdog daemon in Bun to monitor and resurrect our Python sidecar backend (Robyn).

Now, our desktop app is extremely stable. But it is also extremely insecure.

You might think: "This is a desktop app running entirely on 127.0.0.1 (localhost). People from the internet can't access it, so why do I need security?"

This is a classic cognitive blind spot in desktop app development. In reality, your local loopback interface is shared globally by the operating system. Any script running in the user’s web browser (e.g., a malicious website they happen to visit) can aggressively scan local ports (from 10000 to 65535). Once it hits your Robyn sidecar's dynamic port, it can send unauthenticated POST requests to delete databases, read private files, or trigger system actions.