Discussion on: Docker - Dev, Debug, Deploy

Patryk • Edited

Thanks for sharing. A few (opinionated) things come to mind.

  • Always use git (or at least another CVS). Docker does not replace git.
  • Save your Dockerfiles, and docker-compose*.ymls inside your git repo.
  • Do use docker-compose. It makes everything easier. Seriously.
  • Why give everyone access to a shared container? Then if they make changes and push, you have no idea who to blame. Just let your team clone the repo, run docker-compose -f docker-compose.dev.yml up (or similar), and let them work on their own machines. The whole point of using git is so multiple people can work on their own copies at the same time.
  • Never run as root if not necessary, including inside containers. Docker has never cared much for security, and one of the things I do most often is override the USER inside my Dockerfiles.
  • Use ssh keys rather than a shared password, if you're going to be sharing an account. You should always use keys even if you don't share it, IMAO.
 
eranelbaz

Hey!
I did not mean to replace git, as I said I'm using it to version control my code, not my environment.

I know about docker-compose and ssh keys but I want to write this blog post for the average user, so I left it behind

And about using root I agree when it comes to "real" servers, when we talk about dockers you can in a single command restore it and so nothing bad can happen

sg

I agree you should never blog how to do something insecurely by default just because it's easier. That's why the state of security is the way it is, and why all PHP coders suck.

Dor Shinar

All PHP coders suck? That's quite harsh. Most of the internet is written in PHP (including most of what Facebook makes). I think that's an offensive generalization. As eranelbaz said, he only uses it for local development. I think that as long as your shared environments (staging, production etc.) are properly secured, setting up local unsecured docker is pretty much like running a local instance of your application with root. No harm, as no one has access to it but you.

iBNu Maksum

Most non-PHP coders said PHP coders suck, because most of the jobs ask for PHP.

What's the most secure programming language?

It all depends on the developer, not the programming language.