Re: Secure blogging - static site generator + Docker

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Wed, 22 Jul 2015 23:58:03 +0400

On Tue, Jul 21, 2015 at 10:13 AM, Vy-Shane Sin Fat <shane_at_node.mu> wrote:
> The poor track record of WordPress security is a recurring topic in this
> mailing list, with some members going out of their way to look for
> alternative blog engines [1]. We also often see reports of Mauritian
> websites being compromised.
>
> Here's an alternative solution that should be very resilient:
>
> 1) Use a static site generator like Jekyll [2]

If there is little maintenance, then it's worth it in terms of
manpower invested.


> 2) Deploy the site as a read-only Docker container

Docker is a very interesting technology that makes such deployment of
web applications very easy. Deploying as a read-only container would
indeed help!


>
> We basically move the smarts from the page serving step to a publishing step
> that is performed off server. The server serves static pages from a
> read-only environment. It's a simple solution with very few moving parts, and a
> reduced attack surface.

And not that much overhead in terms of performance.


>
> Thoughts?
>
> [1]: http://logan.hackers.mu/2015/05/what-is-under-the-hood
> [2]: http://jekyllrb.com
>
Received on Wed Jul 22 2015 - 19:58:17 PST
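
Added example, not part of the original thread or of any project mentioned in it: a small audit that reads `docker inspect` JSON and reports whether a container serving the generated site really is read-only, as proposed above. The container names, paths and sample records are constructed, and the capability and no-new-privileges checks go beyond what the thread discusses.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical
# containers serving a Jekyll _site directory (names and paths are made up).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/blog-hardened",
     "HostConfig": {"ReadonlyRootfs": True, "CapDrop": ["ALL"],
                    "SecurityOpt": ["no-new-privileges"],
                    "Tmpfs": {"/var/run": ""}},
     "Mounts": [{"Type": "bind", "Source": "/srv/blog/_site",
                 "Destination": "/usr/share/nginx/html", "RW": False}]},
    {"Name": "/blog-default",
     "HostConfig": {"ReadonlyRootfs": False, "CapDrop": None,
                    "SecurityOpt": None, "Tmpfs": None},
     "Mounts": [{"Type": "bind", "Source": "/srv/blog/_site",
                 "Destination": "/usr/share/nginx/html", "RW": True}]},
])


def audit_container(c):
    """Return a list of findings for one container's inspect record."""
    host = c.get("HostConfig") or {}
    findings = []
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (run with --read-only)")
    # A writable bind mount or volume lets a compromised server alter the
    # published pages; tmpfs scratch space is not persistent, so skip it.
    for m in c.get("Mounts") or []:
        if m.get("RW") and m.get("Type") != "tmpfs":
            findings.append("writable mount at %s (mount it :ro)"
                            % m.get("Destination"))
    caps = [x.upper() for x in (host.get("CapDrop") or [])]
    if "ALL" not in caps:
        findings.append("capabilities not dropped (--cap-drop ALL)")
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in opts):
        findings.append("no-new-privileges not set")
    return findings


def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real host, the input would be the output of `docker inspect` for the container in question instead of the embedded sample.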
