[Labs-l] Signpost
Marc A. Pelletier
marc at uberbox.org
Sun May 15 13:43:37 UTC 2016
On 2016-05-12 5:54 PM, Huji Lee wrote:
> I know with WordPress the issues is no about the spread of
> vulnerabilities from one server instance to another, but I wonder how
> Labs is secured against the latter specifically.
The security domain for labs is the project, not the instance; but they
are otherwise insulated from each other so long as they do not share
resources.
In particular, a system user has no privileges to hop from one instance
to another and if no authentication credentials are stored in user
accounts (which you really should not) and you do not use agent
forwarding then you're as secure as can be within a visualization
infrastructure.
If the WordPress instance is properly puppetized, then a
wipe-and-recreate does the trick to cleanup after any incident.
-- Marc
More information about the Labs-l
mailing list