Re: postgresql in docker to improve security

From: Kashif Zeeshan <kashi(dot)zeeshan(at)gmail(dot)com>
To: vrms <vrms(at)netcologne(dot)de>
Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: postgresql in docker to improve security
Date: 2024-05-03 05:17:34
Message-ID: CAAPsdhfc45E6Fr2ftErkd+USpaNeE5K7TRd8b6PYzXCnXrx4Jg@mail.gmail.com
Lists: pgsql-admin

On Fri, May 3, 2024 at 10:14 AM vrms <vrms(at)netcologne(dot)de> wrote:

> interesting points @Kashif.
>
> On the other hand I often, that containers are by design ephemeral and
> tend to crash. This would be a threat to data integrity (allegedly more
> than running in a VM i.e.).
>
Yes, that's true, but for that we have K8, which can automate the
recovery process.

>
> Admittedly the environment I am working in is not very open to, nor
> experienced with container-technology in general, so these claims might be
> based on hearsay and those issues might not be actual problems any more
> these days.
>
Yes I agree, the technology is changing rapidly but there are still
loopholes and what we can do is to avoid as many risks as possible as
nothing is 100% secure.

>
> Any thoughts on that?
>
>
> Also I made a mark in my mind that podman, by design, was just a
> little more secure than Docker. I think it was due to the fact Containers
> can run without the need of requiring root privileges for the user running
> a podman container.
>
>
>
>
> On 5/3/24 5:23 AM, Kashif Zeeshan wrote:
>
> Hi
>
> Yes docker container improves the security and following are the ways it
> does.
> 1. Isolation : When you run postgres in a container, you are isolating it
> from host os and other containers so it limits the attack surface.
> 2. Port mapping : By mapping only the necessary container port and
> allowing access only using that port limits the attack surface.
> 3. You can manage the access privileges of the users that run container
> 4. Docker containers use namespaces for process isolation and security.
>
> Regards
> Kashif Zeeshan
> Bitnine Global
>
> On Fri, May 3, 2024 at 3:44 AM Nguyen, Long (IM&T, St. Lucia) <
> Long(dot)Nguyen(at)csiro(dot)au> wrote:
>
>> Good day. This is a general db question.
>>
>>
>>
>> I start exploring containerisation and start learning docker. Would
>> having postgresql in docker improve security in the sense that users could
>> only access to the db through the port mapped to the environment outside of
>> docker, and if they somehow are able to hack and access outside the db, the
>> access is limited within the container not the OS that host the container.
>>
>>
>>
>> Thanks.
>>
>
>
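
Added example (not part of the thread and not any poster's code): a small Python check over `docker inspect` output for the port-mapping and user-privilege points listed in the reply above. The two container records and their names are constructed for illustration; the fields read are ones `docker inspect` reports.

```python
import json

# Constructed `docker inspect` excerpts for two PostgreSQL containers (assumed names).
WEAK = json.loads("""{"Name": "/pg-weak", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapDrop": null, "SecurityOpt": null,
    "PortBindings": {"5432/tcp": [{"HostIp": "", "HostPort": "5432"}]}}}""")
HARDENED = json.loads("""{"Name": "/pg-hardened", "Config": {"User": "999:999"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"],
    "SecurityOpt": ["no-new-privileges"],
    "PortBindings": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}}}""")

NNP = ("no-new-privileges", "no-new-privileges:true", "no-new-privileges=true")


def audit(container):
    """Return findings for one inspected container; an empty list means none."""
    hc = container.get("HostConfig") or {}
    findings = []
    # Port mapping: an empty HostIp means the port is published on every interface.
    for port, binds in (hc.get("PortBindings") or {}).items():
        for bind in binds or []:
            if bind.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all host interfaces")
    # User privileges: an empty Config.User means the entrypoint starts as root.
    user = (container.get("Config") or {}).get("User", "")
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("entrypoint starts as root")
    # Isolation: privileged mode and default capabilities weaken the boundary.
    if hc.get("Privileged"):
        findings.append("privileged mode enabled")
    if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
        findings.append("default capabilities not dropped")
    if not any(opt in NNP for opt in (hc.get("SecurityOpt") or [])):
        findings.append("no-new-privileges not set")
    return findings


if __name__ == "__main__":
    for record in (WEAK, HARDENED):
        print(record["Name"], audit(record) or "no findings")
```

On a live host the same function can be fed each element of the JSON array that `docker inspect <container>` prints.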
