[Discuss] Container to deploy a web service

[dsr at randomstring.org (Dan Ritter)]

Jason Normand: 
> from a strictly technical perspective, in order to make something like this
> work in docker you would need to set up some kind of runtime decryption.
> basically your system would need to read encrypted files from the volume
> then decrypt them into a memory based storage (harder thought not
> impossible to read form the host).  with docker any files in a running
> container are fully accessible from the host system, and further files in
> the container image can be unpacked by anyone with access to the image.  so
> with docker who ever has access to the host system, has access to all
> container files.

All of this has happened before. It's called "copy protection"
or "DRM - digital rights management".

It always goes like this:

1. I want to sell you something, but I don't want you to be able
   to look inside it or copy it or something.

2. So I encrypt the thing. Now you can't access it.

3. So I give you a method of playing the thing.

4. But you still can't access it because it's encrypted, so I
   also have to send the key along.

5. Now I have sent you the encrypted thing, a way to use the
   thing, and the key to unencrypting the thing. Why have I gone
   to all this bother again?

In case it's clear: don't do this. It's not worth while.

-dsr-