by tommiegannert 1037 days ago
Online mirrors are fine if they have boundaries that make them very certainly append-only.

Opening up scp/rsync and saying "our client only writes new files" is bad. Using a dedicated stream-writing interface over TLS is probably fine.

As for the other attack vector: segregating the admin credentials so that the stream-writing interface cannot be bypassed, yeah, fun. 2FA only gets you so far.
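
An added sketch, not part of the comment above, of an append-only boundary enforced by the receiving side rather than promised by the client. `AppendOnlySink` and `write_stream` are hypothetical names; the TLS transport and client authentication are assumed to sit in front of it and are not shown.

```python
import hashlib
import os
import tempfile

class AppendOnlySink:
    """Receiving side of a mirror: the only operation offered is 'add a new object'."""
    def __init__(self, root):
        self.root = os.path.realpath(root)

    def write_stream(self, name, chunks):
        # Accept plain file names only: no directories, no traversal out of root.
        if not name or name != os.path.basename(name) or name in (".", ".."):
            raise ValueError("invalid object name")
        path = os.path.join(self.root, name)
        # O_EXCL makes creation fail if the name already exists, so an existing
        # object can never be truncated or replaced through this interface.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o440)
        digest = hashlib.sha256()
        with os.fdopen(fd, "wb") as f:
            for chunk in chunks:
                f.write(chunk)
                digest.update(chunk)
            f.flush()
            os.fsync(f.fileno())
        return digest.hexdigest()  # lets the sender confirm what was stored

def demo():
    """Constructed requests: one legitimate write, then three follow-up attempts."""
    with tempfile.TemporaryDirectory() as root:
        sink = AppendOnlySink(root)
        sink.write_stream("backup-0001", [b"good ", b"data"])
        results = {}
        attempts = [("overwrite", "backup-0001"),
                    ("traversal", "../backup-0001"),
                    ("new", "backup-0002")]
        for label, name in attempts:
            try:
                sink.write_stream(name, [b"replacement"])
                results[label] = "accepted"
            except (FileExistsError, ValueError) as exc:
                results[label] = type(exc).__name__
        with open(os.path.join(root, "backup-0001"), "rb") as f:
            results["original"] = f.read()
        return results

if __name__ == "__main__":
    print(demo())
```

The interface has no delete, rename or overwrite call at all, which is the difference from handing the client scp/rsync access; anyone with shell or admin access to the host still bypasses it.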