Improve explanation on API exposition
This commit is contained in:
parent
3ba53df005
commit
5a70910dce
1 changed files with 3 additions and 7 deletions
|
@ -16,12 +16,8 @@ including sensitive data.
|
|||
|
||||
In production, it should be at least secured by authentication and authorizations.
|
||||
|
||||
A good sane default (non exhaustive) set of recommendations
|
||||
would be to apply the following protection mechanisms:
|
||||
|
||||
* At the transport level:
|
||||
NOT publicly exposing the API's port,
|
||||
keeping it restricted to internal networks
|
||||
!!! info
|
||||
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
|
||||
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
|
||||
|
||||
## Configuration
|
||||
|
|
Loading…
Reference in a new issue