by lmm 591 days ago
> you just need to keep them long enough to cover the breach, and to be able to understand them after the fact

And avoid leaking customer information/passwords/etc. through them until then, which is the hard part.

1 comment

Yep. I've seen a WAF in "audit mode" and it's got loads of client API keys in there, among other fun things.

Checks the box for WAF but adds a new risk.