by h4waii 1587 days ago
No no, it's encrypted so you can just completely ignore the security of your web service.

* Broken auth? Doesn't matter, encrypted.

* IDOR? Encryption takes care of it!

* Blind SQL or something from the 90s? EEENNNNCCCRRYYPPPTTIIOOONN!

3 comments

To be fair, this feature is part of Cloudflare's ZeroTrust offering, so you're meant to put a policy in front of it and forget it. This is great for getting extremely old legacy services that previously relied on VPN network trust onto an actual SSO provider instead.
They probably use military-grade hashes too. So you know it is very secure indeed.
> ... you can just completely ignore the security of your web service

Be wary of such absolute statements -- especially when it comes to security.

You are replying to a sarcastic comment that agrees with you.