Re: postgresql in docker to improve security

From: vrms <vrms(at)netcologne(dot)de>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: postgresql in docker to improve security
Date: 2024-05-03 05:14:57
Message-ID: e7f014fc-85b7-4eeb-b943-d6107dd58a25@netcologne.de
Lists: pgsql-admin

Interesting points @Kashif.

On the other hand, I often hear that containers are by design ephemeral and
tend to crash. This would be a threat to data integrity (allegedly more
than running in a VM i.e.).

Admittedly the environment I am working in is not very open to, nor
experienced with container-technology in general, so these claims might
be based on hearsay and those issues might not be actual problems any
more these days.

Any thoughts on that?

Also I made a mark in my mind that podman, by design, was just a
little more secure than Docker. I think it was due to the fact that
containers can run without the need for root privileges for the
user running a podman container.

On 5/3/24 5:23 AM, Kashif Zeeshan wrote:
> Hi
>
> Yes, a Docker container improves security, and the following are the ways
> it does so.
> 1. Isolation: When you run postgres in a container, you are isolating
> it from the host OS and other containers, so it limits the attack surface.
> 2. Port mapping: Mapping only the necessary container port and
> allowing access only through that port limits the attack surface.
> 3. You can manage the access privileges of the users that run the container.
> 4. Docker containers use namespaces for process isolation and security.
>
> Regards
> Kashif Zeeshan
> Bitnine Global
>
> On Fri, May 3, 2024 at 3:44 AM Nguyen, Long (IM&T, St. Lucia)
> <Long(dot)Nguyen(at)csiro(dot)au> wrote:
>
> Good day. This is a general db question.
>
> I started exploring containerisation and started learning Docker.
> Would having postgresql in docker improve security in the sense
> that users could only access the db through the port mapped to
> the environment outside of docker, and if they somehow are able to
> hack and access outside the db, the access is limited to the
> container, not the OS that hosts the container.
>
> Thanks.
>
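
An added example, not part of any message in this thread: a small check over `docker inspect` / `podman inspect` JSON for the points raised above (published ports, the privileges the container runs with, and whether the data directory survives the container). The data directory path and both sample documents are constructed assumptions.

```python
import json

# Assumption: data directory used inside the container.
PGDATA = "/var/lib/postgresql/data"

def audit(inspect_json: str) -> list[str]:
    """Return findings for the first container in `docker inspect` JSON output."""
    c = json.loads(inspect_json)[0]
    host, findings = c.get("HostConfig", {}), []

    # Port mapping: only 5432 should be published, and not on every interface.
    for port, binds in (host.get("PortBindings") or {}).items():
        if port != "5432/tcp":
            findings.append(f"extra published port {port}")
        for b in binds or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all host interfaces")

    # Privileges: --privileged removes most isolation; an empty User means root.
    if host.get("Privileged"):
        findings.append("container runs privileged")
    user = (c.get("Config", {}).get("User") or "root").split(":")[0]
    if user in ("root", "0"):
        findings.append("container process starts as root")

    # Ephemerality: without a mount at PGDATA the data lives in the container's
    # writable layer and is removed together with the container.
    mounts = c.get("Mounts") or []
    if not any(m.get("Destination") == PGDATA and m.get("Type") in ("volume", "bind")
               for m in mounts):
        findings.append(f"{PGDATA} is not on a mounted volume")
    return findings

# Constructed sample: default-style run, port published everywhere, no volume.
WEAK = json.dumps([{"Config": {"User": ""}, "Mounts": [], "HostConfig": {
    "Privileged": False,
    "PortBindings": {"5432/tcp": [{"HostIp": "", "HostPort": "5432"}]}}}])

# Constructed sample: loopback-only port, non-root user, named volume for data.
HARDENED = json.dumps([{"Config": {"User": "999:999"}, "HostConfig": {
    "Privileged": False,
    "PortBindings": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}},
    "Mounts": [{"Type": "volume", "Name": "pgdata", "Destination": PGDATA}]}])

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(doc))
```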
