Is public by default an unsafe default?
NotYouAgain
NotYouAgain at gmail.com
Thu May 2 00:04:09 UTC 2024
On Wednesday, 1 May 2024 at 14:33:42 UTC, Steven Schveighoffer
wrote:
> ..
> ...
> I can understand the counterpoint, that you may want to start
> from a point of view of exposing the least amount of "set in
> stone" API. But not everyone is on that ship.

The starting point (for one side of the discussion) would be
expose everything, then decide what not to expose.

The counterpoint would not (and could not) be expose nothing.

The counterpoint would in fact be, expose nothing, and then
'expose as little as possible'.

If I were part of a team debating this, I think the evidence
points to a certain advantage of being on one side, more than the
other.

https://nordicapis.com/8-significant-api-breaches-of-recent-years/
https://apisecurity.io/full-archive/
https://www.f5.com/labs/articles/threat-intelligence/reviewing-recent-api-security-incidents

The list of references here is very, very long... so I won't go
further.