Inspired by the common Meow db exploits, I wanted to ask about how to further harden dockerized databases:
– db is not exposed
– only other dockerized nodejs services can talk to the db
– several of those dockerized nodejs services are exposed
Are there ways attackers can exploit Docker quirks or networking to gain access to un-exposed dbs (in this case mongodb container I run based on the official mongodb image)?
I’ve done some searching, but I’d like to see more experience & suggests concentrated & discussed in one place.