Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Firebase seems to suffer a similar problem of people not setting permissions right. The only major difference is that they seem to steer devs pretty aggressively to Google auth which won't leak password hashes.

While in theory your API can be the database it seems like a footgun for the inexperienced and AI.





to be fair, Auth and access control is just "hard" problem in general tbh

we have so many data breach because they lack "common basic" security best practices, we aren't talking about state level hacker here

just public bucket storage and so on

reply


AWS also had to add some serious warnings into S3 console to stop people from blowing their foot off with public buckets.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: