I'm with you guys on the encryption and tokens. Those are like API Security 101. But the operating system thing, that's a new one to me. I wonder what the rationale is there. Maybe they're trying to trick us?
Haha, yeah, basic auth for internal APIs? What is this, the 90s? Cloud hosting to manage security config is an interesting idea, but I think it really depends on the cloud provider and your specific use case. Gotta be careful with that one.
Yeah, I agree. Using encryption and signatures is a must for API security. And using tokens after authentication is also a really common best practice. Basic auth over internal APIs? That just sounds like a disaster waiting to happen.
Hmm, this is a tricky one. I'm not sure about using the same operating system throughout the infrastructure - that seems like it could be more of a deployment consideration than a security best practice. But using encryption and signatures to secure data, that's definitely a good one.
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Goldie
8 months agoEarnestine
8 months agoHelaine
8 months agoSantos
8 months agoElena
8 months agoRessie
8 months agoSharmaine
8 months agoHoward
8 months agoElouise
8 months agoDeonna
8 months ago