|
|
|
|
|
|
by ZenoArrow
92 days ago
|
|
|
> You aren’t exposing those services to the internet. You aren’t knowingly exposing those services to the internet. FTFY. Furthermore, internal services can still be abused to get data that shouldn't be shared. For example, imagine if your imaginary API was for a HR system, and could be used to determine salary information for staff. If you aren't considering API security, you're almost bound to make major mistakes, and I'd bet money that most APIs designed and implemented in 2 days have tons of security holes. |
|
|