Improve explanation on API exposition

Michel Loiseleur 2024-07-29 12:12:04 +02:00 committed by GitHub
parent 3ba53df005
commit 5a70910dce
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -16,12 +16,8 @@ including sensitive data.
In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms:
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
!!! info
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration
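
Review bot: The admonition text "It's recommended to NOT publicly exposing the API's port" is ungrammatical; suggest "It's recommended NOT to publicly expose the API's port, and to keep it restricted to internal networks". Two further points on the same lines: the lead-in "would be to apply the following protection mechanisms:" ends in a colon, so if the "At the transport level" bullet is what the admonition replaces, that sentence no longer introduces a list and should be reworded or end in a period. And since the paragraph above says the API should "at least" be secured by authentication and authorizations in production, consider `!!! warning` rather than `!!! info` so the network-exposure advice is not read as optional background.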