3

When did we decide managing Users through Cloud REST architecture was more secure than having them in an underlying DB?

Because I can't put my finger on exactly why... but I don't like it and I think it's probably less secure... and just spawned from the need to be able to make user management a subscription-based service like fucking everything? When a simple MySQL or Postgres and some bcrypt somewhere would be both more secure and infinitely cheaper?

I'm more used to consuming REST APIs than writing them. Can any of you REST peeps help me understand how a REST API could be made as secure as a SQL DB connection for user management?

What do you think the attack vectors are for a REST API User Management? Like... what's the SQL injection of REST API? Pack some extra JSON somewhere or something?

At least if I can have faith my shit's not gonna get hacked because I have to use a 3rd party REST service for User Management of Users to my own fucking app I can maybe sleep tonight.

Comments
  • 1
    The only risk is that you don’t know how to use/configure it properly. Other than that, it is just an API, well I mean you communicate with SQL via an API, the only difference this time is you are using HTTPS.

    From a software design perspective, abstracting logic for user management away from the low-level data layer is a good idea, since you never know when you need to switch database engines, or are required by law to use a separate data center to store sensitive identity information. Always nice to have abstractions so you don’t need to spend months later to change everything.
  • 0
    Update 44 days later.

    I just injected SQL into their API.
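
An added example, not part of the thread and not any vendor's code: a REST front end still ends in a SQL query, so the injection question moves to how the handler passes JSON fields into that query. The handler names, the `/users/lookup` endpoint, the table layout and all request bodies below are hypothetical and constructed for illustration.

```python
import json
import sqlite3

def make_db():
    # Constructed sample data; the hashes are placeholders, not real bcrypt output.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)")
    db.executemany("INSERT INTO users (email, pw_hash) VALUES (?, ?)",
                   [("alice@example.test", "<hash-a>"), ("bob@example.test", "<hash-b>")])
    return db

def lookup_vulnerable(db, body):
    # Hypothetical handler for POST /users/lookup: the JSON field is pasted into the SQL text.
    email = json.loads(body)["email"]
    rows = db.execute("SELECT id, email FROM users WHERE email = '" + email + "'").fetchall()
    return 200, rows

def lookup_hardened(db, body):
    # Same endpoint: validate the shape of the JSON, then bind the value as a parameter.
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return 400, []
    email = doc.get("email") if isinstance(doc, dict) else None
    if not isinstance(email, str) or not 3 <= len(email) <= 254 or "@" not in email:
        return 400, []
    rows = db.execute("SELECT id, email FROM users WHERE email = ?", (email,)).fetchall()
    return (200, rows) if rows else (404, [])

# Constructed request bodies.
NORMAL = json.dumps({"email": "alice@example.test"})
TAUTOLOGY = json.dumps({"email": "nobody@example.test' OR '1'='1"})
WRONG_TYPE = json.dumps({"email": ["alice@example.test"]})

if __name__ == "__main__":
    db = make_db()
    for name, body in [("normal", NORMAL), ("tautology", TAUTOLOGY), ("wrong type", WRONG_TYPE)]:
        print(name, "hardened ->", lookup_hardened(db, body))
    print("tautology vulnerable ->", lookup_vulnerable(db, TAUTOLOGY))
```

The vulnerable handler returns every user row for the tautology body, while the hardened one treats the same string as a literal email and finds nothing.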