Project with a partner company. During the meeting I asked them how we can secure the communication between the two services. I suggested API keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.

But on their side, nah, not even whitelisting, no tokens, no validations. If one has the address, one can send anything from anywhere.

How hard would it be to do at least, AT LEAST, simple token validation? And they are using a very old IIS server. I think for them, as long as data flows in as expected, it is fine.

Comments
  • 0
    Please say that they're not using public IPs.
  • 0
    @stop they are. Well, I tried, I couldn't push them; all I can do is secure my side.
  • 1
    The fact that they're using a very old IIS server is indicative of their general cheapness and half-assed approach to projects.