Improve explanation on API exposition

This commit is contained in:
Michel Loiseleur 2024-07-29 12:12:04 +02:00 committed by GitHub
parent 3ba53df005
commit 5a70910dce
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -16,13 +16,9 @@ including sensitive data.
In production, it should be at least secured by authentication and authorizations. In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations !!! info
would be to apply the following protection mechanisms: It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration ## Configuration