Comment on Created a self-hosted API for CRUD-ing JSON data on different storage providers (local, S3, minIO, ...).
Many API implementations are bare HTTP because security is expected to be handled / wrapped by another technology.
atzanteol@sh.itjust.works 3 weeks ago
“Security” is not just “SSL”…
non_burglar@lemmy.world 3 weeks ago
That’s true. So is my comment.
atzanteol@sh.itjust.works 3 weeks ago
What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?
non_burglar@lemmy.world 3 weeks ago
At the time I made the comment, I didn’t realize this was building with in sanitized inputs and absolute paths.
And I should know better, I use Burp a couple times a month. My bad.