Security Concerns

I have had SequenceServer set up on a number of DigitalOcean droplets, and also on a local virtual server within my university network. In all cases, after a period of time, they have been detected as the source of various attacks on external servers.

This has not happened with other servers I am running without SequenceServer installed. What security measures, if any, have you got in place?

Hi Adam,

You should run SequenceServer behind Apache or Nginx and make use of their features to defend against attacks. SequenceServer tries to make sure that nobody gets to execute “rm -rf” on the server. Nonetheless, you should be careful not to run it as a privileged user.

The next version introduces a thread pool. While many BLAST jobs can be queued, only a limited number will run at a time, depending on the size of the thread pool. So you won’t run out of CPU, but you could still run out of memory if you face a DoS attack.

Feel free to review the code and send security fixes. One thing I would be interested in is restricting ENV of sub-processes that are spawned to run BLAST. And a chroot, if possible, to provide pseudo-sandboxing.

Priyam
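
The reply above asks for a restricted ENV for the sub-processes that run BLAST. The sketch below is an added example, not SequenceServer's own code: it starts a child with an allowlisted environment, no shell, and memory and CPU ceilings. The allowlist, the function names, the limit values and the use of `/usr/bin/env` as a stand-in for a BLAST binary are assumptions.

```ruby
require 'open3'

# Assumed allowlist: the only variables a BLAST child process may see.
SAFE_ENV_KEYS = %w[PATH LANG BLASTDB].freeze

# Build the child's environment from fixed defaults plus allowlisted extras,
# never from the server's own ENV (which may hold secrets or LD_* overrides).
def restricted_env(extra = {})
  defaults = { 'PATH' => '/usr/local/bin:/usr/bin:/bin', 'LANG' => 'C' }
  defaults.merge(extra).select { |key, _| SAFE_ENV_KEYS.include?(key) }
end

# Clamp a requested resource limit to the hard limit we are allowed to set.
def clamped_limit(resource, wanted)
  _soft, hard = Process.getrlimit(resource)
  limit = [wanted, hard].min
  [limit, limit]
end

# Run argv without a shell, with only the allowlisted environment and with
# memory and CPU ceilings, returning [stdout, stderr, Process::Status].
def run_restricted(argv, env: restricted_env, mem_bytes: 2 * 1024**3, cpu_secs: 600)
  unless argv.is_a?(Array) && !argv.empty? && argv.all? { |a| a.is_a?(String) }
    raise ArgumentError, 'argv must be a non-empty Array of Strings'
  end
  program = [argv.first, argv.first] # [path, argv0] form: never goes through /bin/sh
  Open3.capture3(env, program, *argv.drop(1),
                 unsetenv_others: true,   # drop everything not in env
                 close_others: true,      # do not leak open file descriptors
                 rlimit_as: clamped_limit(:AS, mem_bytes),
                 rlimit_cpu: clamped_limit(:CPU, cpu_secs))
end

# Names of the variables visible to a child started by run_restricted.
# /usr/bin/env stands in for a BLAST binary so the result can be inspected.
def child_env_keys(env = restricted_env)
  out, _err, status = run_restricted(['/usr/bin/env'], env: env)
  raise 'env failed' unless status.success?
  out.lines.map { |line| line.split('=', 2).first }.sort
end
```

The per-process memory ceiling bounds a single job; the total still depends on how many jobs the thread pool runs at once.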