Improve explanation on API exposition
This commit is contained in:
parent
3ba53df005
commit
5a70910dce
1 changed files with 3 additions and 7 deletions
|
@ -16,13 +16,9 @@ including sensitive data.
|
||||||
|
|
||||||
In production, it should be at least secured by authentication and authorizations.
|
In production, it should be at least secured by authentication and authorizations.
|
||||||
|
|
||||||
A good sane default (non exhaustive) set of recommendations
|
!!! info
|
||||||
would be to apply the following protection mechanisms:
|
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
|
||||||
|
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
|
||||||
* At the transport level:
|
|
||||||
NOT publicly exposing the API's port,
|
|
||||||
keeping it restricted to internal networks
|
|
||||||
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue