Restrict access to sqs for worker containers #27

Open
alexwaeseperlman opened this issue May 19, 2023 · 1 comment

alexwaeseperlman commented May 19, 2023

Workers should only be able to read one item at a time from the games queue and push to the game result queue to minimize the damage of malicious code. We should look into giving them their own rabbitmq user.

@alexwaeseperlman changed the title from "Restrict access to rabbitmq for worker containers" to "Restrict access to sqs for worker containers" on Jul 4, 2023
@alexwaeseperlman
Owner Author

Implementing this will be nice for security, but also pretty hard. Here is the design:

  • A worker should only have permission to get one job at a time.
  • They don't have permission to get a new job until they have sent back a plausible result for the old one.
  • Thorough logging of every process that runs on a worker
    This way a compromised worker won't be able to do much damage.
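
The first two points of this design, sketched as an added example that is not code from this repository: a gate that sits between the workers and the queues, so a worker can hold one job at a time and only a plausible result releases it. The `JobGate` name, the job and result fields (`id`, `players`, `winner`) and the plausibility rule are assumptions made for illustration, and an in-memory deque stands in for the games queue.

```python
# Added example; job/result dict shapes and the plausibility rule are assumptions.
from collections import deque
from dataclasses import dataclass, field

@dataclass
class JobGate:
    """One outstanding job per worker, released only by a plausible result."""
    pending: deque                                # stand-in for the games queue
    leases: dict = field(default_factory=dict)    # worker_id -> job currently held
    results: list = field(default_factory=list)   # stand-in for the result queue
    audit: list = field(default_factory=list)     # every decision, kept for review

    def _log(self, worker_id, event, detail=""):
        self.audit.append((worker_id, event, detail))

    def checkout(self, worker_id):
        """Hand out a job only if this worker holds no unfinished one."""
        if worker_id in self.leases or not self.pending:
            reason = "lease outstanding" if worker_id in self.leases else "queue empty"
            self._log(worker_id, "checkout_denied", reason)
            return None
        job = self.pending.popleft()
        self.leases[worker_id] = job
        self._log(worker_id, "checkout_ok", job["id"])
        return job

    def submit(self, worker_id, result):
        """Accept a result only if it matches the worker's lease and is plausible."""
        job = self.leases.get(worker_id)
        if job is None or not isinstance(result, dict) or result.get("job_id") != job["id"]:
            self._log(worker_id, "submit_rejected", "no matching lease")
            return False
        # Assumed plausibility rule: the winner is one of the job's players, or a draw.
        if result.get("winner") not in (*job["players"], "draw"):
            self._log(worker_id, "submit_rejected", "implausible winner")
            return False
        del self.leases[worker_id]
        self.results.append(result)
        self._log(worker_id, "submit_ok", job["id"])
        return True

def demo():
    # Constructed sample jobs, not real game data.
    jobs = [{"id": "g1", "players": ["a", "b"]}, {"id": "g2", "players": ["c", "d"]}]
    gate = JobGate(deque(jobs))
    first = gate.checkout("w1")
    second = gate.checkout("w1")                   # denied: g1 is still held
    bad = gate.submit("w1", {"job_id": "g1", "winner": "mallory"})
    good = gate.submit("w1", {"job_id": "g1", "winner": "b"})
    third = gate.checkout("w1")                    # allowed again after a valid result
    return first["id"], second, bad, good, third["id"]
```

A rejected result leaves the lease in place, so a worker that keeps submitting implausible results stays blocked and every attempt appears in `audit`.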
