[英]Are sql dumps moved into docker container `docker-entrypoint-initdb.d` encrypted?
I'm dumping a database into a sql dump: 我正在将数据库转储到sql转储中:
docker exec mysql sh -c 'exec mysqldump --all-databases -uroot -ppassword' > all-databases.sql
Then I'm using a Dockerfile to build a mysql image and run as a container: 然后,我使用Dockerfile构建mysql映像并作为容器运行:
FROM mysql:5.6.41
# needed for intialization
ENV MYSQL_ROOT_PASSWORD=whateverPassword
ADD all-databases.sql /docker-entrypoint-initdb.d/
EXPOSE 3306
When I run the container if I exec into the container, can I access the all-databases.sql file and see the contents of my database in plaintext in the docker image? 当我执行到容器时运行容器时,是否可以访问all-databases.sql文件,并在docker映像中以纯文本格式查看数据库的内容?
Currently if I look into /docker-entrypoint-initdb.d/
it says all-databases.sql but I don't know where that file is stored/if it's encrypted. 目前,如果我查看
/docker-entrypoint-initdb.d/
它显示为all-databases.sql,但我不知道该文件的存储位置/是否已加密。
If you docker exec
into the container, the file will be unencrypted. 如果您将
docker exec
放入容器中,该文件将不会被加密。 (It's just a text file and you can look at it with more
on most image bases.) (这只是一个文本文件,您可以在大多数图像库中查看
more
内容。)
However, if you can run any Docker command at all, then generally it's trivial to get unrestricted root access on the system. 但是,如果您完全可以运行任何Docker命令,那么通常很难在系统上获得不受限制的root用户访问权限。 (Consider using
docker run -v /etc:/host-etc
to add yourself to /etc/sudoers
or to allow root logins with no password.) (考虑使用
docker run -v /etc:/host-etc
将自己添加到/etc/sudoers
或允许不使用密码的root用户登录。)
Also remember that anyone who has the image can docker run
it and see the file there, if that matters to your security concerns. 还要记住,如果对您的安全性很重要,那么拥有映像的任何人都可以通过
docker run
它并在那里查看文件。 If you're looking for a single file with root access on the system anyways, you can find it without too much effort in /var/lib/docker
. 如果您一直在寻找一个具有系统根访问权限的文件,则可以在
/var/lib/docker
轻松找到它。 They can also easily run docker history
to see the database root password you've set. 他们还可以轻松地运行
docker history
来查看您设置的数据库根密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.