re: An Intro On HTTP Security
Thank you again for follow-up security post, Jamie.

I am trying to understand by rephrasing.

In Single Responsibility Principle,

> give them the LEAST possible access; just enough to get the work done, and no more.

So is the rule of thumb to "black list" everyone and open up access one by one?

Did I understand it correctly?

> no one has used SSL since the 90s, but the acronym has stuck

😲 I honestly didn't know!


> So is the rule of thumb to "black list" everyone and open up access one by one?

Effectively, yes. Think of your employer. Does everyone in the world have access to your company building? I'd suspect that only those who need to be there have access to it.

What about the server rooms? Assuming that you have on-prem servers, of course. Is everyone at your work given admin access to the resources on your network? (Please don't answer that one, just think about it.)

You don't want to give everyone access to everything.

> no one has used SSL since the 90s, but the acronym has stuck

> 😲 I honestly didn't know!

Yeah. The Secure Sockets Layer algorithm had too many potential flaws and was replaced with Transport Layer Security. From an end user perspective it's the same thing, though.
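The "open up access one by one" idea from the reply above, as an added example that is not code from the post or its author. It puts a default-deny allow-list beside the fail-open deny-list it is contrasted with; the principals ("alice", "bob", "eve", "mallory"), resources and actions are invented for illustration.

```python
# Added example (not from the post): least privilege as default-deny.
# Principals, resources and actions below are invented for illustration.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    resource: str  # e.g. "building", "server-room", "network"
    action: str    # e.g. "enter", "read", "admin"


@dataclass
class AllowListPolicy:
    """Default deny: a request is allowed only if it was explicitly granted."""
    grants: dict[str, set[Permission]] = field(default_factory=dict)

    def grant(self, principal: str, resource: str, action: str) -> None:
        self.grants.setdefault(principal, set()).add(Permission(resource, action))

    def is_allowed(self, principal: str, resource: str, action: str) -> bool:
        # An unknown principal has no entry at all, so the lookup fails closed.
        return Permission(resource, action) in self.grants.get(principal, set())


@dataclass
class DenyListPolicy:
    """Anti-pattern for contrast: everyone is allowed unless explicitly blocked."""
    blocked: set[str] = field(default_factory=set)

    def block(self, principal: str) -> None:
        self.blocked.add(principal)

    def is_allowed(self, principal: str, resource: str, action: str) -> bool:
        # Anyone not on the list, including someone who joined yesterday,
        # gets through: the policy fails open.
        return principal not in self.blocked


def build_policies() -> tuple[AllowListPolicy, DenyListPolicy]:
    """Constructed sample policies: one allow-list, one deny-list."""
    allow = AllowListPolicy()
    allow.grant("alice", "building", "enter")      # ordinary employee
    allow.grant("bob", "building", "enter")
    allow.grant("bob", "server-room", "enter")     # the one sysadmin
    allow.grant("bob", "network", "admin")

    deny = DenyListPolicy()
    deny.block("eve")  # the only name anyone thought to block
    return allow, deny


def compare(principal: str, resource: str, action: str) -> dict[str, bool]:
    """Evaluate one request under both policies and return both verdicts."""
    allow, deny = build_policies()
    return {
        "allow_list": allow.is_allowed(principal, resource, action),
        "deny_list": deny.is_allowed(principal, resource, action),
    }


if __name__ == "__main__":
    # "mallory" is a new contractor nobody has set up yet.
    for req in [("alice", "building", "enter"),
                ("alice", "server-room", "enter"),
                ("bob", "network", "admin"),
                ("mallory", "network", "admin")]:
        print(req, compare(*req))
```

The interesting row is "mallory": the allow-list denies a principal it has never heard of, while the deny-list lets them administer the network because nobody got around to blocking them.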

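Since SSL is gone and only the name stuck, the practical follow-up is to make sure a client will not negotiate anything older than TLS 1.2. This is an added example, not code from the post, using CPython's standard `ssl` module; it assumes a build on OpenSSL 1.1.1 or newer, and the `ALL_VERSIONS` table and the `negotiable_versions` / `rejects_legacy` helpers are mine.

```python
# Added example (not from the post): a TLS client context that refuses
# SSLv3, TLS 1.0 and TLS 1.1. Assumes CPython's ssl module on OpenSSL >= 1.1.1.
import ssl

# Every protocol version the ssl module can name, oldest first.
ALL_VERSIONS = (
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
)


def make_client_context() -> ssl.SSLContext:
    """Client context: verify certificate and hostname, TLS 1.2 or newer only."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # explicit, whatever the default is
    return ctx


def negotiable_versions(ctx: ssl.SSLContext) -> list[ssl.TLSVersion]:
    """Versions this context would be willing to negotiate.

    MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are mapped to SSLv3 and TLS 1.3 as
    an upper bound; the OpenSSL build may still refuse SSLv3 on its own.
    """
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    return [v for v in ALL_VERSIONS if lo <= v <= hi]


def rejects_legacy(ctx: ssl.SSLContext) -> bool:
    """True if nothing older than TLS 1.2 can be negotiated."""
    return all(v >= ssl.TLSVersion.TLSv1_2 for v in negotiable_versions(ctx))


if __name__ == "__main__":
    ctx = make_client_context()
    print(ssl.OPENSSL_VERSION)
    print([v.name for v in negotiable_versions(ctx)], rejects_legacy(ctx))
```

Pass the returned context to `socket`, `urllib` or `http.client` wherever they accept an `SSLContext`; a server that only speaks SSLv3 or TLS 1.0 will then fail the handshake instead of silently downgrading.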