Comment on Created a self-hosted API for CRUD-ing JSON data on different storage providers (local, S3, minIO, ...).
Many API implementations are bare HTTP because security is expected to be handled / wrapped by another technology.
atzanteol@sh.itjust.works 2 months ago
“Security” is not just “SSL”…
non_burglar@lemmy.world 2 months ago
That’s true. So is my comment.
atzanteol@sh.itjust.works 2 months ago
What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?
non_burglar@lemmy.world 2 months ago
At the time I made the comment, I didn’t realize this was building with in sanitized inputs and absolute paths.
And I should know better; I use Burp a couple of times a month. My bad.