Showing posts with label Security. Show all posts

Saturday, April 17, 2021

DevSecOps: Running ASP.NET Core Applications with minimal privileges in Kubernetes

 


Configure podSecurityContext

Configure the pod to run as the nobody/nogroup user as follows:

podSecurityContext:
  runAsUser: 65534
  fsGroup: 65534



Configure SecurityContext

Configure security context to run with minimal possible privileges:

securityContext:
  capabilities:
    drop:
    - ALL
    add:
    - "NET_ADMIN"
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 65534 # run as the nobody/nogroup user



Run on a non-standard port

Since we do not have permission to bind to ports lower than 1024 (normally granted by adding the NET_BIND_SERVICE capability, but this requires root privileges), we have to configure ASP.NET Core to listen on a port above 1024.

env:
  - name: ASPNETCORE_URLS
    value: http://+:8080
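
As an added example (not part of the original post), a small Python check that audits a pod manifest for the three settings configured above: non-root user, dropped capabilities, and a listening port above 1024. The function name `audit_pod` and both sample manifests are constructed for illustration, and it assumes the post's `podSecurityContext` and `securityContext` keys are Helm values rendered to the pod-level and container-level `securityContext` fields.

```python
import re

def audit_pod(pod):
    """Check a pod manifest (dict, e.g. parsed `kubectl get pod -o json`)."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        # Container-level settings take precedence over pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and not non_root):
            findings.append(f"{name}: can run as root")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: does not drop ALL capabilities")
        if "NET_BIND_SERVICE" in (caps.get("add") or []):
            continue  # low ports are permitted for this container
        for env in c.get("env") or []:
            if env.get("name") != "ASPNETCORE_URLS":
                continue
            # Values look like "http://+:8080" or "http://+:80;https://+:443".
            for port in re.findall(r":(\d+)(?=[/;]|$)", env.get("value", "")):
                if int(port) < 1024:
                    findings.append(f"{name}: ASPNETCORE_URLS uses port {port} (< 1024)")
    return findings

# Constructed sample: the settings from this post, as they appear in a pod spec.
HARDENED = {"spec": {
    "securityContext": {"runAsUser": 65534, "fsGroup": 65534},
    "containers": [{
        "name": "web",
        "securityContext": {
            "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]},
            "readOnlyRootFilesystem": False,
            "runAsNonRoot": True, "runAsUser": 65534},
        "env": [{"name": "ASPNETCORE_URLS", "value": "http://+:8080"}]}]}}

# Constructed sample: no security context and the default HTTP port.
DEFAULTS = {"spec": {"containers": [{
    "name": "web",
    "env": [{"name": "ASPNETCORE_URLS", "value": "http://+:80"}]}]}}

if __name__ == "__main__":
    for label, pod in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(label, audit_pod(pod) or "ok")
```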



Friday, September 06, 2013

Windows Identity Framework Signing out

When using claims-based security and implementing the sign-out functionality, do not forget to delete the session cookie... otherwise, when playing around with the back button, you are able to sign in again... this is something you don't want...

