Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Make rename-able DKIM DNS record

    Feature Requests
    dkim dns
    3
    7
    401
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_ai
      potemkin_ai last edited by girish

      As a follow up for the thread earlier, as a security measure, it would be nice to avoid Cloudron service discovery via DNS naming and hence make DKIM record renaeable (or other way to keep it unique and not service name specific).

      murgero 1 Reply Last reply Reply Quote 2
      • murgero
        murgero App Dev @potemkin_ai last edited by murgero

        @potemkin_ai AFAIK there is no real security benefit to making it re-namable. If the cloudron is internet accessible (assuming it is since you mention dkim records) then the login page (or other app is accessible) which with a simple web browser one can tell it's a Cloudron install.

        A better security measure would be to make sure SSH is only accessible by YOU (limit IPs that can access it, Private Key Authentication, etc) and use 2fa on all apps that support it.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~
        Matrix: @murgero:urgero.org

        potemkin_ai 1 Reply Last reply Reply Quote 1
        • potemkin_ai
          potemkin_ai @murgero last edited by

          @murgero nothing stops me from putting a firewall or/and web proxy in front of the instance, keeping all of the benefits, without exposure

          murgero 1 Reply Last reply Reply Quote 0
          • robi
            robi last edited by

            Let's agree that making it renamable is useful for other scenarios more so than security by obscurity.

            Life of Advanced Technology

            potemkin_ai 1 Reply Last reply Reply Quote 0
            • potemkin_ai
              potemkin_ai @robi last edited by

              @robi 👍 🙂

              1 Reply Last reply Reply Quote 0
              • murgero
                murgero App Dev @potemkin_ai last edited by

                @potemkin_ai You can definitely do that - but some services need to be accessible from the outside in order to work (like web services, some email service(s), etc etc.)

                Making it renamable for the sake of security is pointless - however, if you were to rename it for other reasons or just to rename it then I don't see the issue in allowing admins to do so.

                As @robi suggested - it can be useful in other scenarios. I just don't see the difference in a publicly hosted Cloudron and one where you obscure one part of it - Unfortunately there is no way to hide the fact you are running Cloudron from a malicious actor. At least not yet.

                --
                https://urgero.org
                ~ Professional Nerd. Freelance Programmer. ~
                Matrix: @murgero:urgero.org

                potemkin_ai 1 Reply Last reply Reply Quote 0
                • potemkin_ai
                  potemkin_ai @murgero last edited by

                  @murgero I didn't say it wouldn't be accessible; it would, just through my proxies, that make sure to remove any information, that would help in disclosure.

                  You also miss an option with Intranets.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Powered by NodeBB