Ask HN: Securely exposing host just to webhooks
Background: I wish to listen for GitHub webhooks on a Jenkins instance sitting in a private network. There are no public endpoints on the network; it's for internal services. Easy enough to add an endpoint that forwards to Jenkins, but I'm not a web dev person and have no experience securing public endpoints, so this is a terrifying prospect to me. I could easily introduce a huge backdoor without realizing. What's best practice to accomplish this? Is there a tool that is user-friendly enough so as to prevent me from doing stupid things? Or should I just forget about it and poll from inside more frequently? I guess what I'm really asking is: is security still a full-time job? Because the gain relative to just polling more frequently is very small here, and the risk is enormous. So unless things are absolutely rock solid and foolproof, I'm better off just not.

2 comments on Hacker News.
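One concrete way to keep such a forwarder from becoming the backdoor the poster fears, as an added example that is not part of the HN post: GitHub signs every webhook delivery with an HMAC-SHA256 over the raw request body, keyed with the webhook secret, and sends it in the `X-Hub-Signature-256` header; the forwarder verifies that header in constant time and passes only allow-listed event types on to Jenkins. The secret, payload and event list below are constructed for the example.

```python
import hashlib
import hmac
from typing import Mapping, Optional

# Constructed for the example; in practice load the secret from the environment
# and configure the same value on the GitHub webhook.
WEBHOOK_SECRET = b"constructed-example-secret"
ALLOWED_EVENTS = {"push", "pull_request"}


def compute_github_signature(secret: bytes, body: bytes) -> str:
    """Return the value GitHub sends in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time comparison of the header against our own HMAC of the body.

    The body must be the raw bytes as received, before any JSON parsing or
    re-serialisation, or the digest will not match.
    """
    if not header or not header.startswith("sha256="):
        return False
    expected = compute_github_signature(secret, body)
    return hmac.compare_digest(expected.encode(), header.encode())


def should_forward(secret: bytes, headers: Mapping[str, str], body: bytes) -> bool:
    """Decide whether a request may be relayed to the internal Jenkins endpoint.

    Unsigned, mis-signed or unexpected event types are dropped before anything
    reaches the private network. Header names are assumed already normalised
    to GitHub's canonical casing by the HTTP layer.
    """
    if not verify_github_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return False
    return headers.get("X-GitHub-Event") in ALLOWED_EVENTS


def sample_delivery() -> tuple[dict, bytes]:
    """A constructed push delivery, signed the way GitHub would sign it."""
    body = b'{"ref":"refs/heads/main","repository":{"full_name":"example/repo"}}'
    headers = {
        "X-GitHub-Event": "push",
        "X-Hub-Signature-256": compute_github_signature(WEBHOOK_SECRET, body),
    }
    return headers, body
```

Signature verification guards the payload, not the network path: terminating TLS at a reverse proxy that only forwards the single webhook path, and restricting source addresses to GitHub's published ranges, narrows the exposed surface further.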
Reviewed by Tha Kur on June 24, 2018