my compliments
to the writer of the headline. A literal alliteration of accolades. Such unsyncopated sibilance shows systemic skills. Mine's the one with Roget's in pocket
NewsBlur, an RSS news reading app for the web and mobile devices, recently had one of its databases deleted thanks to an insecure default setting that has dogged developers using Docker since 2014. In a blog post this week, Samuel Clay, founder of NewsBlur, recounted how an unknown vandal deleted a database from his app's …
As a disciple of the BoFH philosophy, I can't believe I'm about to admit to knowing this, it makes me physically queasy:
This only happens if you actually forward the database port... If both DB and Frontend are containerised, then there is zero need to do that..
So it's not a fault of docker, more a poorly configured container...
"This only happens if you actually forward the database port... If both DB and Frontend are containerised, then there is zero need to do that.. So it's not a fault of docker, more a poorly configured container..."
Completely agree. In a Docker container, you map host ports to container ports. It sounds like NewsBlur used someone else's Docker config without checking the details. I don't hold it against the chap; one feature of Docker is that you don't have to understand it in order to use it.
man docker-container-port
"Clay explains that the Uncomplicated Firewall (ufw) he enabled on his internal servers didn't work as expected on a new server because of an insecure Docker default."
Actually, his firewall did work as expected. Docker explains this in the documentation and this is a very common thing.
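An added example, not part of the thread above and not code from Docker or NewsBlur: Docker's documentation notes that traffic to a published port is diverted by Docker's own iptables rules before it reaches ufw, so the practical check is which host address each mapping binds. The sketch below classifies Compose short-syntax `ports:` entries and lists the ones published on every interface; the service names and ports are constructed sample data.

```python
import ipaddress

def classify_port_mapping(spec):
    """Parse a Compose short-syntax entry: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    body = spec.split("/", 1)[0]          # drop the optional /tcp or /udp suffix
    host_ip = None
    if body.startswith("["):              # bracketed IPv6 host address, e.g. [::1]:9000:9000
        host_ip, _, body = body[1:].partition("]")
        body = body.lstrip(":")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip = parts.pop(0)            # leading field is the host IP
    if not 1 <= len(parts) <= 2 or not parts[-1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    if host_ip is None:
        return "all-interfaces"           # no host IP: Docker binds the wildcard address by default
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:               # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-address"

def audit(services):
    """Return (service, mapping) pairs that publish a port on every host interface."""
    return [(name, spec)
            for name, specs in sorted(services.items())
            for spec in specs
            if classify_port_mapping(spec) == "all-interfaces"]

# Constructed sample: the "ports:" lists of a hypothetical Compose file.
SAMPLE = {
    "db": ["5432:5432"],                  # published on all interfaces
    "db_local": ["127.0.0.1:5432:5432"],  # reachable from the host only
    "web": ["0.0.0.0:443:8443/tcp", "[::1]:9000:9000"],
    "cache": [],                          # not published: other containers reach it over the Docker network
}

if __name__ == "__main__":
    for name, spec in audit(SAMPLE):
        print(f"{name}: {spec} is reachable on all host interfaces")
```

A database that only the frontend container talks to needs no `ports:` entry at all, as in the `cache` entry; binding to `127.0.0.1` covers the case where the host itself needs access.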