Comment on Created a self-hosted API for CRUD-ing JSON data on different storage providers (local, S3, minIO, ...).
Many API implementations are bare HTTP because security is expected to be handled / wrapped by another technology.
atzanteol@sh.itjust.works 1 day ago
“Security” is not just “SSL”…
non_burglar@lemmy.world 1 day ago
That’s true. So is my comment.
atzanteol@sh.itjust.works 1 day ago
What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?
non_burglar@lemmy.world 1 day ago
At the time I made the comment, I didn’t realize this was building with in sanitized inputs and absolute paths.
And I should know better, I use Burp a couple times a month. My bad.