Hacker News
by andrewflnr 5477 days ago
I think you're overblowing his point a little, and attacking a straw man. I don't think he's talking about not-using-refrigerators/storing-passwords-in-plain-text type of insecurity, just worrying less about loopholes that are non-critical and unlikely to be exploited anyway until you have lots of users. He did say "within reason".
1 comments

Here are two suggestions that we would have seen, if the underlying assumption was not that {increasing the derivative of user count per day} justifies {poor security}:

1.) Implement bulky external security measures -- like client-side certs or VPNs -- and replace them with more scalable solutions as the user count grows.

2.) Inform your users that they are interacting with an unsecured fledgling service, such that they do not have an expectation of privacy. At the very least, warn them not to use this service on an unsecured coffee-shop WAN.