Docker is a new type of application platform, and it has been built with a strong focus on security. You can package an existing application as a Docker image, run it in a Docker container, and get significant security benefits without changing any code.
A .NET 2.0 WebForms app currently running on Windows Server 2003 will happily run under .NET 4.5 in a Windows container based on Windows Server Core 2016 with no code changes, an immediate upgrade that applies 14 years of security patches!
Security in Docker encompasses a wide range of topics, which I will cover in this chapter. I'll explain the security aspects of containers and images, the extended features in Docker Trusted Registry (DTR), and the secure configuration of Docker in swarm mode.
In this chapter, I'll look at some of the internals of Docker to show how security is implemented and cover the following:
- Container processes run as an unknown user on the host, minimizing...