Thanks for checking my project out. In the readme I state it’s for ‘small personal projects’ where you want to get something quickly. However, “wildly insecure” seems a bit much? If you use it for storing data that has no privacy (like blog posts, and their comments)?
atzanteol@sh.itjust.works 1 day ago
I think you should make it more clear in your docs that this is wildly insecure and should be restricted to “tinkering” usage only.
That said it seems like a fun project to write.
LaVillaStrangiato@infosec.pub 1 day ago
non_burglar@lemmy.world 1 day ago
Many API implementations are bare HTTP because security is expected to be handled / wrapped by another technology.
atzanteol@sh.itjust.works 1 day ago
“Security” is not just “ssl”…
non_burglar@lemmy.world 1 day ago
That’s true. So is my comment.
atzanteol@sh.itjust.works 1 day ago
What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?