Jason Normand:
> from a strictly technical perspective, in order to make something like this
> work in docker you would need to set up some kind of runtime decryption.
> basically your system would need to read encrypted files from the volume
> then decrypt them into a memory based storage (harder though not
> impossible to read from the host). with docker any files in a running
> container are fully accessible from the host system, and further files in
> the container image can be unpacked by anyone with access to the image. so
> with docker whoever has access to the host system, has access to all
> container files.

All of this has happened before. It's called "copy protection" or "DRM - digital rights management". It always goes like this:

1. I want to sell you something, but I don't want you to be able to look inside it or copy it or something.
2. So I encrypt the thing. Now you can't access it.
3. So I give you a method of playing the thing.
4. But you still can't access it because it's encrypted, so I also have to send the key along.
5. Now I have sent you the encrypted thing, a way to use the thing, and the key to unencrypting the thing. Why have I gone to all this bother again?

In case it's clear: don't do this. It's not worthwhile.

-dsr-

_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
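
The point made in the thread above, that files in an image can be unpacked by anyone who holds the image and that the key ends up shipped next to the ciphertext, shown as an added example that is not part of either message. The archive is a constructed, simplified stand-in for `docker save` output (a `manifest.json` listing layer tars); the file names and the `.enc`/`.key` suffix check are assumptions made for illustration.

```python
import io, json, tarfile

def _tar_bytes(files):
    """Build an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image():
    """Constructed sample: manifest.json plus one layer tar, as in a saved image."""
    layer = _tar_bytes({
        "app/data.enc": b"<ciphertext placeholder>",
        "app/decrypt.key": b"<key placeholder>",  # the key must ship for the app to run
        "app/run.sh": b"#!/bin/sh\n",
    })
    manifest = json.dumps([{"Config": "config.json", "RepoTags": ["example:latest"],
                            "Layers": ["layer0/layer.tar"]}]).encode()
    return _tar_bytes({"manifest.json": manifest, "layer0/layer.tar": layer})

def list_image_files(image_bytes):
    """Return {path: size} for every regular file in every layer, with no Docker tooling."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_path in entry["Layers"]:
                layer_data = image.extractfile(layer_path).read()
                with tarfile.open(fileobj=io.BytesIO(layer_data)) as layer:
                    for member in layer.getmembers():
                        if member.isfile():
                            found[member.name] = member.size
    return found

def ships_key_with_data(files):
    """Flag the pattern from the post: encrypted payload and its key in the same image."""
    return (any(n.endswith(".enc") for n in files)
            and any(n.endswith(".key") for n in files))

if __name__ == "__main__":
    files = list_image_files(build_sample_image())
    for path, size in sorted(files.items()):
        print(f"{size:6d}  {path}")
    print("key shipped alongside ciphertext:", ships_key_with_data(files))
```

Run against your own image before distributing it, a listing like this shows exactly what a recipient can read; layer whiteouts (deleted files) are ignored here, so a file removed in a later layer still appears.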