![]() That means they’d never put production secrets on a user device… definitely never on any end-user devices, but also not even on an admin’s. Just to get it out of the way, the “correct” answer is of course “none of the above.” In enterprise-grade environments, sensitive services are run on hosts that are the least likely to be compromised and have managed security/audit controls. He’s not proposing obfuscations as a substitute for real security. Maybe that would only thwart a really novice attacker, but the main thing is that he’s thinking about security and adapting. says he likes to store his api credentials in base64, though he acknowledges that it’s just obfuscation. In the comments on derflounder’s post, Richard P. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |