I'm working on a Dockerized solution for a client and need some advice on securing my code. Specifically, I want to restrict the client's access to certain parts of the container's filesystem, even if the code is compiled and not directly readable. Would it help to create a user inside the container with limited permissions, or is there a better way to ensure my code stays secure?
4 Answers
Any way you slice it, asking a client to be locked out of their own container is a bit tricky. Once code is executed, it becomes readable. The only reliable approach is to deploy it on your own infrastructure, which gives you complete control.
Similar to others' points, once the container is with the client, they're going to access the files regardless of how you set permissions. You could technically hide certain functionalities from them, but it's a tricky balance. The best way might actually be not to run the application on their hardware; instead, consider hosting it yourself.
Unfortunately, if a client has access to the container, they can always find a way to access the filesystem. It's just something you can't fully prevent once they have the image. If you don’t trust the client, ideally, avoid giving them access altogether.
One thing to consider is using an external licensing service. This way, if the client stops paying, you can disable the application from starting. Also, running the code through an obfuscator might deter direct reverse engineering, but it can complicate your debugging. To enhance security, think about using a distroless container. It removes unnecessary shell applications and tools that make it easier to meddle with the container.
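The limited-user idea from the question and the distroless suggestion from the last answer, combined in one multi-stage build. This is an added example, not part of the original answers. It assumes a Go application built to a binary named `app`; the image tags and paths are illustrative, and `COPY --chmod` requires BuildKit.

```dockerfile
# Added example: the Go toolchain, the binary name "app" and all paths are assumptions.

# Stage 1: build with the full toolchain. This stage is never shipped,
# so source code and compilers do not end up in the delivered image.
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
# CGO_ENABLED=0 produces a static binary that runs on a base with no libc.
# -trimpath removes local source paths; -ldflags "-s -w" drops the symbol
# table and DWARF debug info, which makes casual inspection less convenient.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app .

# Stage 2: distroless runtime with no shell, package manager or coreutils.
FROM gcr.io/distroless/static-debian12:nonroot
# Binary is owned by root (0:0) and read/execute only, so the runtime user
# cannot modify or replace it.
COPY --from=build --chown=0:0 --chmod=0555 /out/app /app
# Run as the unprivileged user that the :nonroot variant provides.
USER nonroot:nonroot
# Exec form is required: there is no /bin/sh to interpret a shell-form command.
ENTRYPOINT ["/app"]
```

This narrows what is available inside a running container; as the answers point out, whoever holds the image can still read the files in it, so it is hardening rather than a way to keep the binary secret.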