I haven’t seen this posted yet here, but anybody self-hosting OwnCloud in a containerized environment may be exposing sensitive environment variables to the public internet. There may be other implications as well.

  • sudneo@lemmy.world
    1 year ago

    Absolutely not. Many applications used ENV variables for sensitive stuff even before. Let’s remember that the vulnerability here is being able to execute phpinfo remotely.

    Containerization can do good for security, in general.

      • sudneo@lemmy.world
        1 year ago

        OK, but how do you solve the problem? Trusting an image is not so different than downloading a random deb and installing it, which maybe configures a systemd unit as well. If not containers, you still have to run the application somehow.

        Ultimately my point is that containers allow you to do things securely, exactly like other tools. You don’t even have to trust the image, you can build your own. In fact, almost every tool I add to my lab, I end up opening a PR for a hardened image and a tighter helm chart.

        In any case, I would not expose such an application outside of a VPN, which is a blanket security practice that most self-hosters should do for most of their services…