• 0 Posts
  • 3 Comments
Joined 1 year ago
cake
Cake day: July 9th, 2023

help-circle
  • notabot@lemm.eetoLinux@lemmy.mlVPS encryption
    link
    fedilink
    arrow-up
    16
    ·
    4 days ago

    It depends what you want to do with it. If it’s just for storing files/backups then encrypt them before uploading and make sure the key never goes anywhere near the VPS. If it’s for serving up something like a simple website, you probably care more about data integrity than exfiltration, so make sure you have the security, including selinux or equivalent, locked down, and regularly run integrity checks. If it’s for running something interactive, or where data will be generated or downloaded to the machine, you’re out of luck, there’s no even theoretical way of securing that against an adversary with that much access.



  • I like it, this is clearly very enterprisey and solution focused, but I would like to suggest a couple of amendments if I may?

    • Namespaces We should make full use of namespaces. Make the structural tags be in a language specific namespace (to be referenced in every function spec, obviously) but change the in an out params to use the parameter name as the tag, namespaced to the function they’re for, with a type attribute.

    • In memory message queues Have all function invocations be marshaled as xml documents posted to an in memory message queue. Said documents should use a schema that validates the structure and a function specific schema to validate the types of arguments being passed. Namespace everything.

    I reckon we could power a medium sided country if we could generate energy from the programmers despair.