September 19, 2014 Hi, I would like to control NzbGet and CP via an android app. When I had my VM setup I just forwarded the needed ports to my VM IP. Now the Docker IP is the same as my unRAID server. But the way I understand Docker is that each container is sandboxed. Is my assumption right that it would be as secure as in my VM setup if I open the needed ports to the public?!
September 19, 2014 Exposing an application port to the internet via a VM or a docker carries the exact same risk of breach if the app is the same version. However, technically it is possible for any successful attack to be escalated further since docker does not sit on a hypervisor. As far as I know there has only been one POC for this as yet and it is non-trivial. Exposing private services to the internet is a bad idea and so last decade. The way to do it is via a VPN. Anything less than this is a risk you simply don't need to take in modern times.
September 19, 2014 Author Did you mean it is possible to escalate or it isn't? I guess I will take the extra step of first connecting to my openvpn server at home and then control the Dockers via the Android app. Thanks Edit: Don't wanna be old-fashioned ;-)
September 19, 2014 I mean there has been one proof of concept escalation exploit already, which has been closed, but as docker gets more popular people will find more. That's just one of those things and I would not ever suggest it would stop you using docker, but information is power as they say.
September 19, 2014 Author I think I have read about the attack here months ago.... Forgot about it. Thanks again
This topic is now archived and is closed to further replies.