My organization may imminently be forcefully scrutinized. What sort of extra security, beside the default ones, is available on a Discourse site hosted on Amazon AWS? Can we enable something similar to Signal to avoid our conversations being “spied” from anyone very motivated who is not registered in our private site, but who would be given admin privileges to the virtual machine running the Docker instance?
1 Like
root access on the host server effectively gives full access to all content in Discourse. Including soft-deleted content (it still lives on in the database) not permanently deleted.
(even while it was supported, our discourse-encrypt plugin would only give personal messages the benefit of encryption)
The best way to prevent this access from the host would be to not be able to give that access (for example if your site were hosted by us or another similar entity).
In that case, someone with admin access on the Discourse site would still be able to download a full database backup and see all data, but not be able to access the backend systems.
5 Likes