Security Platform as a Service with Docker and Weave

Room 2 - Schibsted

Cloud services are rarely "read-only." We build cloud services to that users can interact with the data in the cloud. And the more complex the user interaction, the more likely that we will create a Turing complete query/configuration system. And sometimes we just allow users to upload traditional code like JavaScript, etc. But any Turing complete grammar means that there are all manner of security issues from running code in infinite loops to nastier issues including accessing other users' data. Containers provide an excellent abstraction for securing the execution of untrusted code. Containers provide simple levers to isolate data, constrain CPU, memory, and network access, and simple is generally better when securing a system. Please join David Pollak as he explores using Docker to isolate user code processes and the use of HAProxy and Nginx to make the isolated user code appear to unified with a whole web application.