Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you're on a private network (like your own DC), I'd argue that network-based security is a poor idea because then an attacker just needs to plug in and have pretty easy access.

If you're on the public cloud, I'd argue that this is an even bigger problem as you're then relying on VPC (or the equivalent) to always work correctly.

Why not ignore the networking and just build in robust security? Pubkey authentication where possible, random long passwords where not? Retry limits for clients, network intrusion detection, etc. To me, relying on the network to keep you secure seems a bit like a crutch.



This is an optimistic counterpoint.

However realistically nearly all persistence services such as MySQL, Postgres, MongoDB, Memcache, ElasticSearch, etc either have been insufficiently hardened as a public service or flat out are not intended to be used on a public port and depend on the network for security.

There is not currently an option to connect an RDS database instance to a Lambda function without opening said database instance up to the public. It's a problem.

You are correct that SSH tunneling could be used to provide security but such usage is not yet a standard approach.


Totally agree. It's our most requested feature on the Lambda team and a priority to enable.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: