[Discuss] Container to deploy a web service
Dan Ritter
dsr at randomstring.org
Thu Nov 8 09:45:41 EST 2018
Jason Normand:
> from a strictly technical perspective, in order to make something like this
> work in docker you would need to set up some kind of runtime decryption.
> basically your system would need to read encrypted files from the volume
> then decrypt them into a memory based storage (harder though not
> impossible to read from the host). with docker any files in a running
> container are fully accessible from the host system, and further files in
> the container image can be unpacked by anyone with access to the image. so
> with docker whoever has access to the host system, has access to all
> container files.
All of this has happened before. It's called "copy protection"
or "DRM - digital rights management".
It always goes like this:
1. I want to sell you something, but I don't want you to be able
to look inside it or copy it or something.
2. So I encrypt the thing. Now you can't access it.
3. So I give you a method of playing the thing.
4. But you still can't access it because it's encrypted, so I
also have to send the key along.
5. Now I have sent you the encrypted thing, a way to use the
thing, and the key to unencrypting the thing. Why have I gone
to all this bother again?
In case it's clear: don't do this. It's not worthwhile.
-dsr-
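
The thread's point that image files can be unpacked by anyone holding the image, and that the key ends up shipped next to the encrypted thing, can be checked before release. The following is an added example, not part of the original message: it walks the layers of a `docker save` style archive and reports files containing PEM private-key markers. The sample image, its file names and the function names are constructed for illustration.

```python
import io, json, tarfile

# Byte patterns that mark PEM private keys (not an exhaustive list).
KEY_MARKERS = (b"-----BEGIN PRIVATE KEY-----", b"-----BEGIN RSA PRIVATE KEY-----",
               b"-----BEGIN OPENSSH PRIVATE KEY-----")

def tar_bytes(files):
    """Pack {name: bytes} into an uncompressed tar archive held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image():
    """Constructed stand-in for a `docker save` archive: manifest.json plus layer tars."""
    pem = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n-----END PRIVATE KEY-----\n"
    layers = {
        "layer1/layer.tar": tar_bytes({"app/data.enc": b"\x93\x1f\x07 constructed ciphertext",
                                       "app/run.sh": b"#!/bin/sh\nexec /app/server\n"}),
        "layer2/layer.tar": tar_bytes({"app/keys/unlock.pem": pem}),
    }
    # The config blob named here is not read by the scan, so the sample omits it.
    manifest = [{"Config": "config.json", "RepoTags": ["example/app:latest"],
                 "Layers": list(layers)}]
    return tar_bytes({"manifest.json": json.dumps(manifest).encode(), **layers})

def find_embedded_keys(image_bytes):
    """Return (layer, path) for every file in any image layer holding key material."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                layer_data = image.extractfile(layer_name).read()
                with tarfile.open(fileobj=io.BytesIO(layer_data)) as layer:
                    for member in layer:
                        if not member.isfile():
                            continue
                        content = layer.extractfile(member).read()
                        if any(marker in content for marker in KEY_MARKERS):
                            hits.append((layer_name, member.name))
    return hits

if __name__ == "__main__":
    for layer_name, path in find_embedded_keys(build_sample_image()):
        print(f"key material shipped in image: {path} (layer {layer_name})")
```

A hit means the decryption key travels with the image, so the encryption adds no protection against anyone who can pull or export that image.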