Securing Jenkins

I’ve set up a Jenkins server to manage CI/CD for my various projects, and I want to check whether my setup is overly insecure and what I could do to improve its security posture. This post will serve mainly as a guide and checklist for myself. Securing the Server: I used the Linode Marketplace to set up my instance. Securing a server is a big topic, and for now I just want to make sure the basics are covered: ...

December 24, 2024 · 3 min · Leen

Securing Backend Servers

Securing your Backend: I’ve been learning how to use React and Next.js to build a frontend for one of my projects. I’m using Flask to build the API backend server that provides the main functionality. I want to limit abuse of the API server and came across several options. Options: CORS. CORS is a mechanism enforced by the browser to limit access to a server’s resources. However, since it is only enforced by the browser, a user can replay the request with another client such as curl. ...

July 28, 2024 · 3 min · Leen
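The CORS point above is easy to state and easy to get wrong in practice, so here is an added example (not code from the original post or from the author’s Flask backend) that models it. A tiny request/response model stands in for the Flask app; `ALLOWED_ORIGINS`, the `/api/report` endpoint, the sample API key and the `X-API-Key` check are all constructed for illustration. It shows that a server relying on CORS alone still executes the request and sends the data for a hostile origin (the browser merely hides the response from the page) and for a client such as curl that sends no `Origin` header at all, while a server-side check applies to every client.

```python
"""Why a CORS header is not an access control (added example, not from the post)."""
from dataclasses import dataclass, field
from typing import Optional

ALLOWED_ORIGINS = {"https://app.example.com"}   # assumed frontend origin
VALID_API_KEYS = {"k-demo-0001"}                # constructed sample key, not a real one


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def cors_only(req: Request) -> Response:
    """Endpoint that relies on CORS alone.

    It always does the work and returns the data. The Origin header only
    decides whether Access-Control-Allow-Origin is emitted; it never
    decides whether the request is served.
    """
    resp = Response(200, '{"secret": "report-2024"}')
    origin = req.header("Origin")
    if origin in ALLOWED_ORIGINS:
        resp.headers["Access-Control-Allow-Origin"] = origin
        resp.headers["Vary"] = "Origin"
    return resp


def browser_can_read(resp: Response, page_origin: str) -> bool:
    """The part a browser enforces for a cross-origin fetch: the page only
    gets to read the response if ACAO names its origin (or is '*')."""
    acao = resp.headers.get("Access-Control-Allow-Origin")
    return acao in (page_origin, "*")


def with_api_key(req: Request) -> Response:
    """Same endpoint behind a server-side check that applies to every
    client, browser or not (illustrative control, not the post's)."""
    if req.header("X-API-Key") not in VALID_API_KEYS:
        return Response(401, '{"error": "unauthorized"}')
    return cors_only(req)


def demo() -> dict:
    """Constructed requests: allowed page, hostile page, and curl."""
    good = Request("GET", "/api/report", {"Origin": "https://app.example.com"})
    evil = Request("GET", "/api/report", {"Origin": "https://evil.example"})
    curl = Request("GET", "/api/report", {"User-Agent": "curl/8.5.0"})  # no Origin
    keyed = Request("GET", "/api/report", {"X-API-Key": "k-demo-0001"})
    return {
        # Browser on the allowed origin: the page can read the response.
        "browser_allowed_reads": browser_can_read(cors_only(good), "https://app.example.com"),
        # Browser on a hostile page: blocked client-side ...
        "browser_hostile_reads": browser_can_read(cors_only(evil), "https://evil.example"),
        # ... but the server still produced and transmitted the secret.
        "server_sent_secret_anyway": "secret" in cors_only(evil).body,
        # curl sends no Origin header; CORS has nothing to say.
        "curl_status_cors_only": cors_only(curl).status,
        # A server-side key check denies curl without a key ...
        "curl_status_with_key_check": with_api_key(curl).status,
        # ... and admits any client that presents a valid key.
        "keyed_status": with_api_key(keyed).status,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The takeaway for the Flask backend is that `Access-Control-Allow-Origin` decides what a compliant browser lets a page read, not whether the server does the work; abuse limits have to be enforced server-side, whether by a credential check as sketched here or by rate limiting.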

RClone Encryption: Security Analysis and Comparison

Rclone is a popular command-line tool for syncing and managing files on cloud storage. It supports a wide variety of backends (referred to as remotes) and offers a crypt remote that encrypts files before storing them in the target backend. For this evaluation I only looked at the local file system as the backend; the analysis still applies to any other configured backend. The configuration steps are detailed on the crypt page. The defaults are good: they turn on both filename and directory-name encryption, and there is an option to generate the password and salt from /dev/urandom for the user. Filename and directory-name length cannot exceed 143 characters, which is smaller than the other solutions we looked at. ...

January 21, 2024 · 2 min · Leen

Encrypting Cloud Backups with Age

Sensitive File Cloud Backups: I have a folder on my laptop that contains sensitive information that I’d like to back up or sync. I’m not worried about the security of the storage provider I’m uploading to, but I don’t want them to be able to parse the files for any purpose. My threat model is preventing the storage provider from reading the contents. I somewhat trust the cloud provider not to compromise my files to external entities. ...

January 7, 2024 · 4 min · Leen