by techdragon 1185 days ago
It’s beyond not a sensible API, it’s significantly harder to secure, inappropriately so…

On the licensing service side as they have to lock down a database server to allow safe A.C. access by arbitrary clients…

And requires end users to carve out firewall/network security rules to allow outbound connections to an arbitrary database server, which is a pretty significant data exfiltration vector and I’d be extremely concerned about enabling this even at the best of times…

The mitigation would have been trivial: gRPC, gRPC Web (which has excellent support in the .Net world), or a regular HTTP API would have been completely adequate, and this database-driven solution is the sort of thing I’m not surprised to see from a .Net developer, as they, along with Java devs, seem to be the last remaining pockets where it’s obvious that a developer can go their entire career without knowing anything about code outside the corporate network. Since that’s the only place this is even close to safe, 100% inside the corporate firewall. To clarify, this is to say that the only two developer communities where I would not be surprised to see this are Java and .Net, because they contain enough developers who lived inside the corporate walls and have yet to gain enough exposure to wider community practices, not because of anything about the languages themselves but because of the social dynamics involved in the developer population that works with these languages.

1 comments

Taken into account. Maybe an HTTP API will be introduced in version 2.0.0. Thanks for leaving your feedback!
Currently working on the new API.