Make rename-able DKIM DNS record

      potemkin_ai
      wrote on last edited by girish
      #1

      As a follow-up for the thread earlier, as a security measure, it would be nice to avoid Cloudron service discovery via DNS naming and hence make the DKIM record renameable (or some other way to keep it unique and not service-name specific).

        murgero
        App Dev
        wrote on last edited by murgero
        #2

        @potemkin_ai AFAIK there is no real security benefit to making it re-namable. If the Cloudron is internet accessible (assuming it is, since you mention DKIM records) then the login page (or other app) is accessible, from which, with a simple web browser, one can tell it's a Cloudron install.

        A better security measure would be to make sure SSH is only accessible by YOU (limit IPs that can access it, Private Key Authentication, etc.) and use 2FA on all apps that support it.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

          potemkin_ai
          wrote on last edited by
          #3

          @murgero nothing stops me from putting a firewall or/and web proxy in front of the instance, keeping all of the benefits, without exposure

            robi
            wrote on last edited by
            #4

            Let's agree that making it renamable is useful for other scenarios more so than security by obscurity.

            Conscious tech

              potemkin_ai
              wrote on last edited by
              #5

              @robi 👍 🙂

                murgero
                App Dev
                wrote on last edited by
                #6

                @potemkin_ai You can definitely do that - but some services need to be accessible from the outside in order to work (like web services, some email service(s), etc etc.)

                Making it renamable for the sake of security is pointless - however, if you were to rename it for other reasons or just to rename it then I don't see the issue in allowing admins to do so.

                As @robi suggested - it can be useful in other scenarios. I just don't see the difference in a publicly hosted Cloudron and one where you obscure one part of it - Unfortunately there is no way to hide the fact you are running Cloudron from a malicious actor. At least not yet.

                  potemkin_ai
                  wrote on last edited by
                  #7

                  @murgero I didn't say it wouldn't be accessible; it would, just through my proxies, that make sure to remove any information, that would help in disclosure.

                  You also miss an option with Intranets.
