I mean, that’s true regardless of how it is running. If the service is externally available, it will be probed for vulnerabilities. At least with a container, you can ward off what files it has access to, so an attacker can’t just ransomware your entire NAS with a single vulnerable service.
MonkeMischief@lemmy.today 21 hours ago
And thaaaat’s why it’s head/tailscale or nothing for me. I’m smart enough to know I don’t know enough to be absolutely confident I won’t get SHODAN’d and end up crying over a data catastrophe, never feeling truly secure ever again.
Every now and then it’s tempting to get those fun features in containers like Nextcloud, like public links and federation, but it’s not worth the risk IMHO. Not when there’s state-class adversarial bots written by stupidly smart people roaming the landscape. <_<