|
|
|
|
|
|
by avereveard
1945 days ago
|
|
|
Same, the whole tirade about sandbox escalation and other security aspect is of course a violation of isolation, but it's not particularly related to modularization. Microservices and the like are not about isolating code, are about isolating responsabilities within code first. The concerns expressed are valid, but the premise they move from are weird. Privilege escalation is a problem both in monoliths and micro services. People figuring out encryption keys from timing attacks is about the same threat both for micro services and monoliths. also, for such a long article, I find it weird that not once the session management, authorization, and relation integrity topics are mentioned, while schema versioning gets touched but not interface versioning, as if the suggestion is to make modules talk to each other by touching each other data. |
|
|
A. Privilege isolation is the hardest to refute benefit of microservices in theory, but you have to keep in mind that we need hardware virtualization to achieve a reasonably strong form of that (i.e. your k8s cluster isn't helping you out here, modulo Fargate perhaps)
B. This is rarely the primary concern when we look to microservices (or generally, modularity) to cure what ails us.
C. If we have less concern about trust boundaries, there are easier ways of modularizing code that probably solve the things we're really worried about (i.e. libraries or any other way of splitting code that is built into a single artifact).