back to article Digital delinquent deletes developer's database during disastrous Docker deployment, defaults damned

NewsBlur, an RSS news reading app for the web and mobile devices, recently had one of its databases deleted thanks to an insecure default setting that has dogged developers using Docker since 2014. In a blog post this week, Samuel Clay, founder of NewsBlur, recounted how an unknown vandal deleted a database from his app's …

  1. Denarius Silver badge

    my compliments

    to the writer of the headline. A litteral aliteration of accolades Such unsyncopated silibance shows systemic skills. Mines the one with Rogets in pocket

    1. Jimmy2Cows Silver badge
      Coat

      Re: my compliments

      I think you left your coat behind. I'll get it for you.

    2. Steve Aubrey
      Joke

      Re: my compliments

      And noted by an author whose initial is "D". Of course he would notice!

  2. BobC

    Always-appropriate alliteration adds article attraction!

    Also: Always-appropriate alliteration adds article attraction!

  3. K

    It's an interesting point..

    As a deciple of the BoFH philosophy, I can't believe I'm about to admit to knowing this, it makes me physically queesy:

    This only happens if you actually forward the database port... If both DB and Frontend are containerised, then there is zero need to do that..

    So it's not a fault of docker, more a poorly configured container...

    1. jtaylor

      Re: It's an interesting point..

      "This only happens if you actually forward the database port... If both DB and Frontend are containerised, then there is zero need to do that..So it's not a fault of docker, more a poorly configured container..."

      Completely agree. In a Docker container, you map host ports to container ports. It sounds like NewsBlur used someone else's Docker config without checking the details. I don't hold it against the chap; one feature of Docker is that you don't have to understand it in order to use it.

      man docker-container-port

  4. Anonymous Coward
    Anonymous Coward

    Nope, his firewall did work as expected.

    "Clay explains that the Uncomplicated Firewall (uwf) he enabled on his internal servers didn't work as expected on a new server because of an insecure Docker default."

    Actually, his firewall did work as expected. Docker explains this in the documentation and this is a very common thing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like