by yasyfm
1604 days ago
Really excellent point. The way we try to handle this is by sealing off the part of the system that has any access to customer credentials, and making sure those credentials are as minimal as possible (e.g. we can grant and revoke permissions to an existing user, but we cannot create new users or new permissions).