|
|
|
|
|
|
by chillbill
1116 days ago
|
|
|
Yeah truly :) I "may" use Postgres on RDB, but won't use a service they offer I don't know the infra of or be certain if I'm the only one who can access. Definitely non of those auth services you mentioned. Why do you think many people are very much anti mysterious "clouds" and there's general push towards self-hosting from people who know how things work. |
|
|
An authorization proxy is quite the same, and I would argue that for some teams is much safer to use than building your own AuthZ. Broken access control is the top OWASP risk for a reason (i.e: implementation complexity)
source: https://owasp.org/Top10/A01_2021-Broken_Access_Control/