| Re: [flux-dev] Security concerns |
Hey, Yoann,
great questions and thoughts. I see two different levers of security issues here. The first one is the fundamental “where does Flux run” question (or public vs. private hosting of Flux):
- Flux is designed to work in a public hosted environment where Flux itself and services can run somewhere “in the cloud”.
- Flux is also designed to work “in-house”, in your own data-center, where you have full control over the network and the access to this network.
I would expect that companies that are concerned about security and like to host and store everything in their own data centers will prefer the second option for using Flux. And this is perfectly fine. In that case the source code is never leaving your companies network if you are running Flux inside this network only.
The second level that I thought about is user authentication as well as service authentication.
User authentication is implemented in the prototype up to a certain degree. It allows you to run the prototype with authentication enabled. In that case users need to authenticate themselves before they can join Flux. Once authenticated, users can see their own projects only. This is done my message scoping, where every user gets his own message channel on Flux. So users don’t see each others messages flying by.
Service authentication is a different beast and not yet implemented. In general, services need to authenticate themselves as well and they need to have a super user token if they want to see everything. But I would prefer something like: every user can grant an individual service access to his/her projects (using a revocable token, for example). Once a user granted access, a service can join the channel of that user and “see” the projects of that user, nothing else.
Just a few thoughts… There are no concrete plans to implement anything mentioned here at the moment though.
Cheers,
-Martin
> _______________________________________________
> Now that you've showcased Flux to a bigger audience, I was curious to know if you had any feedback regarding security. And here I mean that some companies may be reluctant to use a service like Flux to deal with their private source code (not open source).
>
> I know that it may not be a long term concern as companies embrace more and more the cloud and open source. But I feel like it will take some time for things like source code, which is the most important asset of many companies. (It'd be nice to have the statistics from GitHub (notably GitHub Enterprise) and Bitbucket/Stash to figure out how fast things change...)
>
> A core principle of Flux is that the source code (or workspace) is replicated (in real time) across the connected services. This multiplies places where source code could be stolen (and why not modified!). Each service represents a new point of attack. And each channel of communication between services is at risk too. Flux can take care of securing transport, but has no control over how services are designed.
>
> I'm sure there are plenty of ways to mitigate the risks. I guess you'd have to carefully pick what services you consider safe enough to be used in your company. Or you could use Flux in your private network.
>
> Is this security concern valid?
> Is it a risk that can prevent people from adopting Flux? (I'd also be interesting in knowing what you think the major risks are for this project)
> How do you plan to minimize it?
>
> Thanks,
>
> Yoann
>
> flux-dev mailing list
> flux-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/flux-dev
_______________________________________________
flux-dev mailing list
flux-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/flux-dev