undefined | Better HN

0 pointsstanleydrew8y ago0 comments

> Secure software isn't useful?

Nowhere in the sub-thread is this claimed.

> Insecure software isn't eventually value-destroying?

Nowhere in this sub-thread is anyone suggesting otherwise.

> Furthermore telling app devs not to worry about it because nginx takes care of everything is a false security blanket that will bite you eventually.

Nobody said this. But while we're on the topic the more likely false security blanket comes from telling app devs "just use 'net/http' and 'crypto/tls' and everything will be fine without a reverse proxy."

In any case the straw men you've raised are distracting and not driving the conversation forward.

0 comments

Whitestrake8y ago

> > Furthermore telling app devs not to worry about it because nginx takes care of everything is a false security blanket that will bite you eventually.

> Nobody said this.

That seems dishonest to say... From the grandparent:

> Or... you spend your time building something useful, leveraging skills you do have, and let nginx leverage its own strengths.

Really sounds like at least one person in this thread is advocating for app devs not to worry about things that nginx takes care of.

Agree that making straw men doesn't help. There's advice on either side regarding which one to use and realistically both are equally 'false security blankets'. The correct answer is to educate yourself on the benefit and drawbacks of each and make a conscious decision about where to implement your security.

j / k navigate · click thread line to collapse