From c0b686bcc774d9e773847bcdc6d545fdeef4eba1 Mon Sep 17 00:00:00 2001 From: Will Sargent Date: Tue, 23 Dec 2014 12:37:18 -0800 Subject: [PATCH] Add a note about security. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 71a5a7c..a8cd0c8 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ export DOCKER_HOST=tcp://localhost:2375 docker version ``` -> NOTE: the YungSang boot2docker opens up port forwarding to the network, so is not safe on public wifi. You can make a good argument that docker without TLS is [fundamentally unsafe](https://medium.com/@kevanahlquist/never-run-docker-on-a-tcp-socket-without-tls-1e7df31cf18c). I only do it because I have [Hands Off](http://www.oneperiodic.com/products/handsoff/) installed to limit external network access. +> NOTE: the YungSang boot2docker opens up port forwarding to the network, so is not safe on public wifi. You can make a good argument that docker without TLS is [fundamentally unsafe](https://medium.com/@kevanahlquist/never-run-docker-on-a-tcp-socket-without-tls-1e7df31cf18c). I only do it because I have [Hands Off](http://www.oneperiodic.com/products/handsoff/) installed to limit external network access. Then start up a container: 
@@ -174,7 +174,7 @@ A repository is a *hosted* collection of tagged images that together create the A registry is a *host* -- a server that stores repositories and provides an HTTP API for [managing the uploading and downloading of repositories](http://docs.docker.io/use/workingwithrepository/). -Docker.io hosts its own [index](https://index.docker.io/) to a central registry which contains a large number of repositories. +Docker.io hosts its own [index](https://index.docker.io/) to a central registry which contains a large number of repositories. Having said that, the central docker registry [does not do a good job of verifying images](https://titanous.com/posts/docker-insecurity) and should be avoided if you're worried about security. * [`docker login`](http://docs.docker.io/reference/commandline/cli/#login) to login to a registry. * [`docker search`](http://docs.docker.io/reference/commandline/cli/#search) searches registry for image.
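Review bot: In the first hunk (README.md around line 81) the removed and added `> NOTE:` lines carry the same wording as shown, so the difference looks like whitespace only, which does not match the subject "Add a note about security." Either drop this hunk from the commit or mention the whitespace fix in the message. Since the line is being touched anyway, note that the only mitigation it names is the author's own Hands Off install, while the context line above tells every reader to `export DOCKER_HOST=tcp://localhost:2375`; consider saying what a reader without that firewall should do before running the command.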
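Review bot: In the second hunk (README.md around line 174) the new warning is appended to the end of the sentence describing the index, where it is easy to miss, and "should be avoided" gives the reader no next step while the bullets right below still document `docker login` and `docker search` against that registry. Suggest moving it to its own `> NOTE:` blockquote, matching the style used in the first hunk, and stating what to do instead of pulling unverified images. Minor: "central docker registry" is lowercase while the same line starts with "Docker.io".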