How are the Netlify Functions going? I also looked into this route for securing my APIs but I was concerned about the exposed endpoints with Netlify Functions. A malicious actor can reach this endpoint and use a bot to cause damage/ have the API shut down. I ended up using KOR Connect for the extra protection on the public endpoint that is created to prevent unwanted calls with or without the browser
At the end Netlify functions worked just fine to me. We could secure the function to accept only wanted connections without issues. This kor tool looks nice but there is no info about how the security works nor their datacenter security, info handling or even penetration testings. At the place I work at, this things are key values for us to choose a provider.
I have seen some local proxies around, I wonder if putting them into an ec2 would work haha
We are currently working on putting more information on our web explaining the security side of our app. Once we update this during the coming weeks, feel free to give it a look!
I assure you can have a better experience than doing functions.
We understand that concern and we are currently preparing more documentation to go in-depth about our security measures. To summarize our security at a high level, we have encryption at rest and in transit for all sensitive information; the cool part lies in securing the requests to your API. To accomplish this we use Google's reCaptcha as an attestation service to validate where the traffic is coming from, i.e. your front end. We have some additional validations in place to make the requests more secure. It’s super easy to set up, try it out and let us know if you have any questions. You'll find you are right about this being a nice alternative to Netlify when looking for a quick and safe way to connect you FE and API.
If you have any specific questions feel free to post them here or you can email us at info@getkor.io
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Looks great, I started to do Netlify functions just today but this looks like a nice alternative. I just wonder if this is safe enough though...
How are the Netlify Functions going? I also looked into this route for securing my APIs but I was concerned about the exposed endpoints with Netlify Functions. A malicious actor can reach this endpoint and use a bot to cause damage/ have the API shut down. I ended up using KOR Connect for the extra protection on the public endpoint that is created to prevent unwanted calls with or without the browser
At the end Netlify functions worked just fine to me. We could secure the function to accept only wanted connections without issues. This kor tool looks nice but there is no info about how the security works nor their datacenter security, info handling or even penetration testings. At the place I work at, this things are key values for us to choose a provider.
I have seen some local proxies around, I wonder if putting them into an ec2 would work haha
Hi Elliot,
We are currently working on putting more information on our web explaining the security side of our app. Once we update this during the coming weeks, feel free to give it a look!
I assure you can have a better experience than doing functions.
We understand that concern and we are currently preparing more documentation to go in-depth about our security measures. To summarize our security at a high level, we have encryption at rest and in transit for all sensitive information; the cool part lies in securing the requests to your API. To accomplish this we use Google's reCaptcha as an attestation service to validate where the traffic is coming from, i.e. your front end. We have some additional validations in place to make the requests more secure. It’s super easy to set up, try it out and let us know if you have any questions. You'll find you are right about this being a nice alternative to Netlify when looking for a quick and safe way to connect you FE and API.
If you have any specific questions feel free to post them here or you can email us at info@getkor.io