Very cool, but this is a security anti-pattern. Having the auth, db and file ser... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		TruthWillHurt on Jan 7, 2024 \| parent \| context \| favorite \| on: Pocketbase: Open-source back end in one file Very cool, but this is a security anti-pattern. Having the auth, db and file server in the same service.. an attacker doesn't even need lateral traversal or privilege escalation once inside..

deberon on Jan 7, 2024 [–]

There’s something to be said about drastically reducing your threat surface too. Locking down 1 server is easier than locking down a fleet. You can still have security in depth inside your server.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact