Docker Hub Unauthorized Access Incident: How to safeguard yourself?

What happened?

On April 25th 2019, Docker discovered unauthorized access to a database holding the credentials of 190,000 Docker Hub accounts, including usernames, hashed passwords, and GitHub and Bitbucket tokens for Docker autobuilds.

Resolution

  • Change your password on Docker Hub and on any other accounts that shared the same password.
  • For users who may have been impacted, GitHub and Bitbucket autobuild tokens have been revoked. This means your autobuilds will fail; reconnect your repositories and check the security logs to make sure everything is okay.
  • Enable Docker Content Trust to receive and send data to Docker Hub repositories.
    $ export DOCKER_CONTENT_TRUST=1

Alternatively, you can use repositories from Azure, Google, AWS, OCI, and others.

What is a Multi-tenant SaaS Application?

Before we dive into multi-tenant SaaS applications, let’s talk about what SaaS is and why you need it.

SaaS applications are cloud-based solutions hosted by a third party, where customers pay rent to use them instead of worrying about the underlying infrastructure, software upgrades, etc. Some very popular applications that you may already have used in your company are Atlassian (JIRA, Confluence), Slack, Datadog, etc.

It’s one of the three main categories of cloud computing offerings (IaaS, PaaS, SaaS). SaaS offers many potential advantages to customers over the traditional models of business software installation, including lower up-front cost, quick setup, easy upgrades, accessibility, and scalability.

Multi-tenant SaaS Applications:

Multi-tenant SaaS applications use the same application and database layers to run applications for multiple tenants (organizations/customers).

As for the data, each set of data is tagged with the customer it belongs to, in order to segregate and secure each customer’s data.

Today, SaaS application developers, as well as businesses, aim for the most cost-effective and efficient approach to SaaS application development. That is why multi-tenant SaaS architecture is preferred over single tenancy.

When it comes to design, it’s not easy. Let’s look into some challenges of designing multi-tenant applications:

Tenant Isolation: Needed to keep one customer’s data separate from the others’. Failing to do so can bring the whole business down.

Customization: Supporting tenant-specific (customer-specific) customization.

Development & Operational Complexity: Schema changes, restoring or scaling tenant-specific configurations.

Scalability: Flexibility to change subscriptions/plans for customers as and when their needs change.
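The tenant tagging and tenant isolation points above, as an added example that is not part of the original post: a shared table where a lookup by row id alone crosses tenants, next to a repository that adds the tenant predicate to every statement. The `invoices` table, the tenant names and the function and class names are hypothetical, and in-memory SQLite stands in for the shared database.

```python
import sqlite3

# Constructed sample data: two tenants sharing one "invoices" table.
SCHEMA = """
CREATE TABLE invoices (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,      -- the tag that says which customer owns the row
    amount    INTEGER NOT NULL
);
INSERT INTO invoices (id, tenant_id, amount) VALUES
    (1, 'acme', 100), (2, 'acme', 250), (3, 'globex', 900);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def get_invoice_unscoped(conn, invoice_id):
    """Weak: trusts the row id alone, so any tenant can read any row."""
    return conn.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()

class TenantRepo:
    """Hardened: tenant_id is fixed once (assumed to come from the
    authenticated session) and is part of every WHERE clause."""

    def __init__(self, conn, tenant_id):
        self._conn, self._tenant = conn, tenant_id

    def get_invoice(self, invoice_id):
        return self._conn.execute(
            "SELECT id, tenant_id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant),
        ).fetchone()

    def list_invoices(self):
        return self._conn.execute(
            "SELECT id, amount FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self._tenant,),
        ).fetchall()

    def set_amount(self, invoice_id, amount):
        cur = self._conn.execute(
            "UPDATE invoices SET amount = ? WHERE id = ? AND tenant_id = ?",
            (amount, invoice_id, self._tenant),
        )
        return cur.rowcount  # 0 means the row does not belong to this tenant
```

Treating a zero row count from a scoped write as "not found" keeps the response identical whether the row is missing or owned by another tenant.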

Design Patterns:

There are many patterns suggested by experts, and you can also come up with your own. But I would recommend only two patterns:

One database per tenant:

Multi-tenant Application using Azure SQL DB

Single multi-tenant database:

Multi-tenant Application Design on AWS

Resources:

https://docs.microsoft.com/en-us/azure/sql-database/saas-tenancy-app-design-patterns

Atlassian Multi-tenant Architecture Example


