Is source code from docker downloadable to local system? - docker

I have a source code which i want to make publicly available but the source code shouldn't be downloadable in their local systems.
1. Is this possible using VM or docker. Which one is better ?
2. Can changes to the code by any client be added to the version control system or git from docker.

Yes the source code will be available, and no it is not possible to directly prevent that. Anyone who has access to the VM or the docker image will be able to extract your source code from either of them. For the VM you can typically mount the disks directly and just view them, and for booth a VM and Docker you can't stop someone from directly logging into the running vm or container and initiating a transfer themselves.
If you're concerned about source code you'll want to use a compiler or obfuscation tool, and which one makes the most sense will depend on the language you're using.

Related

How are all official windows docker images related?

I have been working with Docker for Windows for about a year now, and I still do not have a good grasp of when I should use the different images, how they are related, and what components of Windows that are in them.
On this link:
https://hub.docker.com/_/microsoft-windows-base-os-images
there are four "Featured repos":
windows/servercore
windows/nanoserver
windows/iotcore
windows
I understand that windows/servercore should contain more things that nanoserver, but what are does things exactly? Why does some programs work in servercore and not nanoserver and is there some way of finding what is missing in nanoserver for a particular program?
In addition to this, they list three related repos:
microsoft/dotnet-framework
microsoft/dotnet
microsoft/iis
Both of the dotnet repos contain five sub repos, and the difference is that dotnet-framework is based on server core, while dotnet is based on nanoserver.
Is there some comprehensible documentation of all these repos/images, maybe with a graph for a simple overview? Do some of them have a public Dockerfile that explains how they were created, like for example this:?
https://github.com/docker-library/python/blob/master/3.6/windows/windowsservercore-ltsc2016/Dockerfile
The differences your are mentionning are less linked to Docker than you think.
All images are a successions of operation which will result in a functionning environnement. See it as an automated installation, just like you would do it by hand on a physical machine.
Having different images on a repo means that the installation is different, with different settings. I'm not a .NET expert nor a Windows Server enthousiast, but for what I found, Nano Server is another way to install a Windows Server, with less functionnality so it's light-weigth. (https://learn.microsoft.com/en-us/windows-server/get-started/getting-started-with-nano-server)
Those kind of technical difference are technology specific and you'll find all the informations needed on the official documentations of Microsoft.
Remember that Docker is a way to do something, not the designer of the os you are using, so most of the time you'll have to search in the actual documentation of your system (in that case, Windows Server and .NET framework).
I hope this helped you to understand a little better, have fun with Docker!

Secure Docker Image from Being Copied or Encrypt Docker Image Contents

We have developed a tool in python which uses many libraries and other algorithms. We want to give that to customers on premise through docker image. It works pretty well. However, if someone copies image and exports/extracts (export or save command), everything becomes visible that includes our python files and library (python) files as well.
Is there a way, we can protect our code such that customers can't export it or see anything inside the image? Is there a way whole image can be encrypted or locked? I believe obfuscation can help to an extent, is there an obfuscation tool that obfuscates whole project (all files and folders while not breaking references)?
The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.
Since you are sharing the image, You got no way to protect it from copying.
However using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can't make it impossible or the container cannot run.

Can I use FindFirstChangeNotification to notify on files created on a network drive?

I need to detect a file being created on a NAS drive. The system that needs to be notified is running Windows. I first tried Watch 4 Folder 2.5 but it did not work. The author reports it does not support network drives.
So I looked for ways to develop my own utility. I found the ATFileNotification Component for Delphi.
It can detect changes if the Windows machine that is running the notify utility creates or deletes the file on the network share. However, if the file is created by any other machine on the network, the utility does not notify.
The ATFileNotification component encapsulates the Win32 FindFirstChangeNotification function. Is the inability to detect changes on a remote drive not caused by the system where it is running a fundamental shortcoming of FindFirstChangeNotification, or is there some type of parameter I need to set or other workaround?
If FindFirstChangeNotification is unable to perform this task, is there any method to detect remote files other than polling the remote directory on a timer?

What is a good Sublime Text workflow for sharing a common setup between several platforms

I'm using Windows, Mac and Linux machines in my daily duties. On all machines, I program in C++ and various shells scripts. So far I've adopted the various "main" IDEs on each platform, but the diversity is irritating. I'm therefore looking into the possibility of using Sublilme Text on all platforms.
I have a setup of Sublime Text on Windows that works perfectly and would like to use the same on the other platforms also, so that when I change something in my Sublime setup on, say, my Mac, I can easily pick up the latest setup on my Windows machine the next time I'm there.
Is this possible on the 3 mentioned platforms, without getting (more) grey hair? If so, any suggestions or experiences thereof?
Many folks upload the "Packages/User" folder to GitHub (or your VCS service of choice). Then, they use Package Control to install their packages. Package control, through a settings file, will install any missing packages on a particular machine. I wrote a bit more about it here. You would then clone the git repo onto each machine, pulling updates when you decide to change something.
Alternatively, you could probably use a cloud service + symlinks to keep things auto synced, but I've personally never used it that way.
There are some plugins that are platform specific, so keep an eye out for those.
There's also the Package Package Syncing, which syncs installed packages and settings via some cloud service.
Works quite nicely, and automatically.
Has the advantage that you don't have to push/pull some dotfiles repo all the time.
No idea though whether this will work seamlessly across platforms (meaning whether all the settings will be platform-independent).

Difference between 2 exe files

One exe file is system file, such as net.exe or sc.exe; one is downloaded like PsService.exe.
I found that One(net.exe or sc.exe) I can use it in a service via ShellExecute(); another cannot be used. what is different between them? any one knows?
simon
net.exe and sc.exe are system administration commands, and fire UAC if the current user session doesn't have administrative privileges. If you are trying to make changes to the system's configuration, please learn about WMI or the specific API for the sub-system (e.g. the Windows Network Functions) (as well as about administrative priviliges and how to obtain them).

Resources