Hacker News new | ask | show | jobs
by wardnath 2113 days ago
Agreed. This pretty much applies with any data & tool. If the data is extra sensitive, make extra sure the tool you are using is secure. If your data is for dev purposes only, the tool doesn't have to be validated as thoroughly.
2 comments
beardedwizard 2113 days ago
Wow really? Lateral movement is very real, your mindset is dangerous.
link
wardnath 2113 days ago
That is a good point to make. If the development data can lead to exfiltration of higher privacy data then I would define it as "more sensitive" and take that into consideration, this particularly applies to config information required for authentication. I understand your perspective however, it is important to take lateral movement into account.
link
thinkloop 2113 days ago
He addresses this. He mentions leaking implementation details, and possibility for mistakes.
link