Hardening Docker Networking?

waynish · July 27, 2020, 2:05pm

Inspired by the common Meow db exploits, I wanted to ask about how to further harden dockerized databases:

– db is not exposed
– only other dockerized nodejs services can talk to the db
– several of those dockerized nodejs services are exposed

Are there ways attackers can exploit Docker quirks or networking to gain access to un-exposed dbs (in this case mongodb container I run based on the official mongodb image)?

I’ve done some searching, but I’d like to see more experience & suggests concentrated & discussed in one place.

Thanks!

Topic		Replies	Views
Docker with Web Server and Database Server General dockerhub , dockersecurityscan , security , docker	3	16497	June 8, 2016
How the external app can access DB container Docker Hub	3	1274	April 11, 2020
Ports not exposed in mongo container General docker-compose	3	47	February 11, 2025
Difficulty getting containersized backend to talk to databases Docker Desktop	0	543	February 25, 2021
Docker node app is not connecting the mongo db General docker , build	3	6227	September 4, 2023

Hardening Docker Networking?

Related topics