by ZenoArrow 92 days ago
> PMs now expect that you can create a Java micro service that does basic REST/CRUD from a database and get it into production in a total of two days.

Have you heard of malicious compliance? Give the PMs what they ask for, then show them how what they've asked for is flawed. Your job as an engineer is not to just take orders blindly, it's to push for a better engineered solution. It's really not hard to show that what these PMs are asking for is stupid.

A new micro-service in two days is easy with an IDE and autocomplete. But now with AI the PM will likely push to have it in production in a day. Which is possible, but quality will be questionable.

> A new micro-service in two days is easy with an IDE and autocomplete.

Is your username accurate, are you currently retired? I hope you know there's a big difference between something that is functional and something that is production ready.

Somewhat retired last year. Looking for something new to do. Basic Java micro service with Spring Boot and it is three hours of coding to write and read from a database and expose over REST interface. Two hours for tests. Rest of the time is to set up environments, coupling everything, documentation. Two days is do-able if you have a good CI/CD template and your Azure/AWS is set up correctly.

I hope the companies you worked for had someone else taking care of security, as what you've described is a ransomware writer's wet dream.

You have a gateway / platform for that. You aren’t exposing those services to the internet.

> You aren’t exposing those services to the internet.

You aren’t knowingly exposing those services to the internet.

FTFY. Furthermore, internal services can still be abused to get data that shouldn't be shared. For example, imagine if your imaginary API was for a HR system, and could be used to determine salary information for staff.

If you aren't considering API security, you're almost bound to make major mistakes, and I'd bet money that most APIs designed and implemented in 2 days have tons of security holes.