Hacker News new | ask | show | jobs
by aliswe 2279 days ago
Am I the only one who thinks this feels wrong? Shouldnt cloud services use token based auth even internally?

At our place we don't protect our backend services behind firewalls, they're protected by auth0 tokens ...
1 comments
detaro 2279 days ago
Why frame this as only an either-or? Seems like it's a cheap additional layer of security.

You also might have components you haven't written yourself that don't use tokens, e.g. databases.

link