|
|
|
|
|
|
by steven777400
3348 days ago
|
|
|
Another key aspect is new security approaches to consider during development and integration. Currently an API can be secured as desired, and everything else can be hidden behind the firewall. With the serverless approach more thought has to be given to ensure there isn't "round-a-bout" ways to bypass application security and data validation. Edit: I don't mean to sound negative, I think serverless structure is finally the realization of what "cloud" has promised and not quite delivered for so many years. |
|
|
What we have been doing is using typescript interfaces[1] to validate our API input data. This really makes the data validation painless for us.
EDIT: Thinking about this a little more, this really only ensures that the provided data is the right "shape", there may still need to me more validation performed.
[1] https://github.com/ysangkok/typescript-interface-to-jsonsche...