Security Platform as a Service with Docker and Weave


Cloud services are rarely “read-only.” We build cloud services so that users can interact with the data in the cloud. And the more complex the user interaction, the more likely that we will create a Turing complete query/configuration system. And sometimes we just allow users to upload traditional code like JavaScript, etc. But any Turing complete grammar means that there are all manner of security issues, from running code in infinite loops to nastier issues including accessing other users’ data. Containers provide an excellent abstraction for securing the execution of untrusted code. Containers provide simple levers to isolate data and constrain CPU, memory, and network access, and simple is generally better when securing a system. Please join David Pollak as he explores using Docker to isolate user code processes and the use of HAProxy and Nginx to make the isolated user code appear unified with a whole web application.
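The levers named above, as an added example that is not taken from the talk: a shell function that composes a locked-down `docker run` command line for one tenant's uploaded code. The function name `sandbox_cmd`, the `/srv/tenants/<id>` layout, the sample limits and the choice of no network at all (a batch job rather than a proxied service) are assumptions.

```shell
#!/bin/sh
# Added example: print (not execute) a restricted `docker run` for one tenant.
# Assumed layout: each tenant's uploaded code lives in $TENANT_ROOT/<tenant-id>.
TENANT_ROOT="${TENANT_ROOT:-/srv/tenants}"

sandbox_cmd() {
    [ "$#" -ge 2 ] || { echo "usage: sandbox_cmd TENANT IMAGE [CMD...]" >&2; return 1; }
    tenant="$1"; image="$2"; shift 2

    # The tenant id ends up in a host path and a container name, so allow only
    # [a-z0-9-] and no leading dash: no "../" traversal, no option injection.
    case "$tenant" in
        ''|-*|*[!a-z0-9-]*) echo "invalid tenant id" >&2; return 1 ;;
    esac

    # Data isolation: only this tenant's directory is mounted, read-only.
    # Network:  none (assumes a batch job; a proxied service would instead
    #           join a dedicated per-tenant network).
    # Memory:   hard cap, with swap pinned to the same value.
    # CPU:      half a core, plus 10 CPU-seconds per process (runaway loops).
    # Processes: pid cap against fork bombs.
    # Privilege: no capabilities, no setuid escalation, unprivileged uid/gid,
    #           read-only root filesystem with a small noexec /tmp.
    printf '%s ' \
        docker run --rm --name "job-$tenant" \
        --network none \
        --memory 128m --memory-swap 128m \
        --cpus 0.5 --ulimit cpu=10 \
        --pids-limit 64 \
        --cap-drop ALL --security-opt no-new-privileges \
        --user 65534:65534 \
        --read-only --tmpfs /tmp:rw,noexec,nosuid,size=16m \
        --mount "type=bind,source=$TENANT_ROOT/$tenant,target=/code,readonly" \
        "$image" "$@"
    echo
}
```

The CPU ulimit bounds CPU time, not wall-clock time, so a process that sleeps forever still needs a supervisor-side deadline.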

Author:
David Pollak
David founded the Lift Web Framework, wrote Beginning Scala, and generally helped popularize Scala. He also wrote a couple of commercial spreadsheets. These days, you can find him writing Scala and Clojure and maybe some Go… enjoying being a geek in this geektastic era.
