Hacker News new | ask | show | jobs
by slt2021 1355 days ago
this is because you deployed your somewhere in the public cloud and testing it from your workstation over public Internet? This is policy violation, and you need to learn how to develop and test properly over secure channels. Reach out to your Director of Engineering and request proper instructions how to develop and test software.

public Internet facing channel is rightfully scanned and screened for these kind of patterns to prevent unauthorized data loss
3 comments
pilif 1353 days ago
I think you misunderstood my tale. I'm running a SaaS business and one of our customers users had this issue when they were interacting with the site because that end user's proxy server was arbitrary altering AJAX requests made by their browsers.

This is a end user making a request to an online shop and the POST request to "add product 123456 to the basket" gets changes to "add the product 12***6 to the basket" by a security* proxy between the end user and the web site.

This isn't specific to the site we run. This would have happened on any site they were posting to.

link
alexvoda 1353 days ago
Shouldn't HTTPS prevent this unless the client has the certificate of the MITMer installed?

This being security theatre, it is entirely plausible that the "security" proxy actually decrypted trafic and required the user to have the certificate installed.

link
alexvoda 1353 days ago
As I was saying, (from uncle comment):

https://news.ycombinator.com/item?id=33095888

> I work at a government agency and here are my tales.

> 1) They install a root certificate on all machines and use that to MITM all TLS connections using a firewall appliance. They turn this MITM on one day without notifying any developer. Overnight, all our builds (run on-prem) fail because npm install, pip install etc fail and we spent a long time trying to figure it out. They are still failing to this day and I have to get off the VPN every time I need to run these simple commands. IT absolutely doesn't give a flying * about developers.

link
Fredej 1354 days ago
Or, hear me out ... Get a different job.
link
ornornor 1355 days ago
You must be fun to work with.
link
slt2021 1354 days ago
Had to deal with too many interns who go to company server and start updating packages and installing random stuff from internet using wget | sudo bash, like it is their college laptop, just to run some of crappy python snippet they found over at Stackoverflow
link
Xelynega 1354 days ago
Why are you giving interns root access to production servers?
link