scastie icon indicating copy to clipboard operation
scastie copied to clipboard

Published 20 hours ago verified publisher icon scalacenter

security hardening

Open MasseGuillaume opened this issue 7 years ago • 3 comments

Some tips from hacker news: (https://news.ycombinator.com/item?id=14375888)

  • https://github.com/wsargent/docker-cheat-sheet#security
  • Jessica McKellar: Building and breaking a Python sandbox - PyCon 2014 https://www.youtube.com/watch?v=sL_syMmRkoU
  • SELinux https://news.ycombinator.com/item?id=14245428

MasseGuillaume avatar May 19 '17 20:05 MasseGuillaume

Running as a non-root user seems like good first step.

Could the JVM's SecurityManager be useful as well?

mbovel avatar Nov 16 '21 18:11 mbovel

here a new, non-root user is set up for the container. Is it actually used? This might be unintended behavior

vincenzobaz avatar Nov 17 '21 10:11 vincenzobaz

Running as a non-root user seems like good first step.

Could the JVM's SecurityManager be useful as well?

we used to use SecurityManager in https://github.com/OlegYch/scastie_old but it is full of wholes and very restrictive at the same time currently docker works fine, but it would be nice to implement some kind of per user/ip time limits to prevent denial of service attacks

OlegYch avatar Nov 17 '21 16:11 OlegYch