Description
Currently, whenever I type in `docker login` and forget about passing a URL of my private repository, it will default to dockerhub. Even worse, if I type in non-existent user details, a new account will be registered for me. Unless there are some factors that I do not understand yet, this seems like a serious security issue.
Imagine a deployment script which performs a `docker login $repoUrl` and repoUrl somehow ends up empty. Or a distracted employee who types in only `docker login` without a repository URL. Private-registry-specific username/password/email is fed to `docker login` and a new dockerhub account is created. This is completely unintended behavior, and there are multiple problems with that:
- it is too easy to send trusted credentials to a third party service (dockerhub)
- even though the account needs an activation, and the image name usually contains a repository URL, I can imagine a corner case (in the current or some future docker/dockerhub version) in which the actual `docker push` sends some or all of my private layers to a public space. It's not like docker has no critical issues every now and then.
An especially dangerous corner case is a person who has the same credentials for the docker registry and the private repository, as no account activation is needed then.
The implicit registration could be solved by a separate command like `docker register`.
The implicit choice of dockerhub could be solved by simply requiring the user to type in the repository URL. Okay, this is a little less convenient, but it gives much more confidence when working with docker. If it is a big pain, then why not allow the user to specify a default repo in `~/.dockercfg`; then at least the user would have a chance to explicitly express the desire to even use dockerhub with `docker login`.
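One defensive guard for the deployment-script case described in this issue, as an added example that is not part of the original report or of docker itself: a small wrapper that refuses to call `docker login` unless an explicit, allow-listed registry is supplied, so an empty `$repoUrl` fails loudly instead of silently falling back to Docker Hub. The registry hostnames in the allow-list are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the issue or from docker): guard `docker login`
# so that a missing or unexpected registry URL can never default to Docker Hub.

# Constructed allow-list of private registries this script may log in to
# (hypothetical hosts; replace with your own).
ALLOWED_REGISTRIES="registry.example.internal:5000 registry2.example.internal"

# check_registry URL
# Returns 0 if URL is non-empty and its host[:port] is allow-listed,
# 1 if URL is empty (the failure mode from the issue),
# 2 if it names a host that is not allow-listed (e.g. index.docker.io).
check_registry() {
    url="$1"
    if [ -z "$url" ]; then
        echo "refusing: no registry URL given (docker would default to Docker Hub)" >&2
        return 1
    fi
    # Strip an optional scheme and any path, leaving host[:port].
    host="${url#*://}"
    host="${host%%/*}"
    for allowed in $ALLOWED_REGISTRIES; do
        if [ "$host" = "$allowed" ]; then
            return 0
        fi
    done
    echo "refusing: registry '$host' is not in the allow-list" >&2
    return 2
}

# safe_docker_login URL [docker login options...]
# Only invokes the real docker client after the check passes; the URL is
# passed last because docker expects `docker login [OPTIONS] [SERVER]`.
safe_docker_login() {
    url="$1"
    check_registry "$url" || return $?
    shift
    docker login "$@" "$url"
}

# Typical use in a deployment script; an empty $repoUrl now aborts the
# script instead of logging in to (or registering at) Docker Hub:
# safe_docker_login "$repoUrl" -u "$user" -p "$pass" -e "$email"
```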