Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Surprised security wasn't mentioned as a reason to decouple services (IMO security is a top reason to split out a service).

Otherwise I tend to agree with the author.



Can you explain that a bit more? What added security benefits do micro services provide that couldn't be accomplished using role- or claim-based authorisation?


Machine separation for one (OS level exploits, escalation of privileges in one component compromising another). Network partitioning with strong protocol filters between security tiers can be invaluable.


I'd guess that what he means is that an attacker who compromises one micro service may not end up compromising all of them, whereas if they compromise a monolith, they have access to everything.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: