I got into discussing the pros/cons of different developing environments. Local, Docker, Vagrant, Herd etc. One argument for using Docker vs Local was the security - if a compromised shell file should end up in a plugin, how much access does it have on my machine (OSX)? Breaking out of a Docker container is apparently quite hard, how about the virtualization/containerization Local uses? I really really really don’t want to switch but the security side might force me.
Thanks for asking about this, @Apeli
Local runs binaries like PHP natively without containers or virtualization to give you good performance and an easier setup than Docker or virtual machines.

WordPress plugins have the same system access as other native applications running under your user account, which is low-risk for plugins from trusted sources since these undergo security vetting. Local’s approach is the same as other native PHP environments such as Laravel Valet as well as local development tools like those based on Node.js, which also have user-level access when you serve PHP files or do node script.js.

If you work with code from untrusted sources — such as performing security research or analyzing suspicious plugins — then Docker or virtual machines offer stronger isolation than native environments like Local and Valet, and you’re right to consider them. You might also consider additional precautions like running development tasks that use Node/npm or PHP/composer in the container or VM too.
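As an added example that is not part of the original posts or of Local itself, here is one way to run npm or Composer tasks in a throwaway container so that package install scripts see only the project directory. The function names, the SANDBOX_DIR and SANDBOX_DRY_RUN variables, and the image tags node:20 and composer:2 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: run package-manager tasks in a disposable container that can
# see only the current project, not the rest of the user account.
# Assumed names: sandbox, npm_sandboxed, composer_sandboxed, SANDBOX_DIR,
# SANDBOX_DRY_RUN. Image tags are assumptions; pin the ones you actually use.

sandbox() {
  sb_image="$1"; shift
  sb_dir="${SANDBOX_DIR:-$PWD}"

  # Mounting / or the home directory would hand the container the same files
  # a native process can reach, which defeats the isolation.
  case "$sb_dir" in
    /|"$HOME"|"$HOME"/)
      echo "sandbox: refusing to mount $sb_dir; cd into a project first" >&2
      return 1 ;;
  esac

  # Non-root user, no capabilities, no privilege escalation, and HOME pointed
  # at container-local /tmp so caches never land on the host.
  set -- run --rm \
    --user "$(id -u):$(id -g)" \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --volume "$sb_dir:/app" \
    --workdir /app \
    --env HOME=/tmp \
    "$sb_image" "$@"

  if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
    # Show the command for inspection only (quoting is not preserved).
    printf '%s\n' "docker $*"
  else
    docker "$@"
  fi
}

# Thin wrappers for the two toolchains mentioned above.
npm_sandboxed()      { sandbox node:20 npm "$@"; }
composer_sandboxed() { sandbox composer:2 composer "$@"; }
```

The container keeps network access because installs need it, and anything inside the mounted project directory (a committed .env file, for example) is still readable from within.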