- MySQL password expiration features to help you comply with PCI-DSS: available from MySQL 5.6+, you can define a password expiration date and so improve your PCI-DSS compliance.
- Official images are to move from Ubuntu to Alpine: the main arguments are disk space savings (and therefore bandwidth and time to launch a container) and security (a smaller attack surface).
- "Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox" according to the site
- First, I was sceptical, as it requires the whole ecosystem to move from Ubuntu to Alpine; indeed, whether you like it or not, people are used to Ubuntu/Debian and other mainstream distributions, and not all the packages we are used to having are available in Alpine Linux yet. To be honest, the main packages are available.
- Then, a Debian or other base image will still exist, rest assured; however, if you want to "hack" / inherit from a Docker base image, you'll have to switch to Alpine.
- Third, we could consider that once your Docker host has the base image in cache, the ~180M size of the base image is not an issue. Still, starting from 5M may be a good argument.
- Having started testing it on ARM devices, especially the Raspberry Pi, I'm quite pleased with its responsiveness and the packages available.
- Some tips to reduce the size of your Docker image and to understand how size and layers impact it. Following the instructions, I could reduce my influxdb-chronograf Docker image by approximately 70M (from 360 to 290M if I'm correct).
Security & API/Web App
- Your API-Centric Web App Is Probably Not Safe Against XSS and CSRF: a detailed explanation of how to protect your web app and API from XSS and CSRF.