What about a "docker secure" command which updates the configuration to a more secure default?

This also raises the possibility of different security profiles like dev, prod, etc.

A default Docker install would be documented as being for development, and you run "docker secure" to change that for other environments.




I like the general idea, but it ultimately suffers from the same problem in that people have to know about it. There actually is a setting to set the default bind address already.


If you can't change the default because of backwards compatibility and inertia, you can at least provide a well-documented, recommended, easy way of fixing the default.

Is there official documentation that tells users to set the default bind address as a best practice?

I wasn't thinking so much of just changing one setting, but rather having a way to easily reconfigure an installation to set multiple settings to improve security.

In addition, elevating this to the status of a command and documenting it as a best practice helps spread awareness.



