Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.social/users/kkarhan/statuses/111630111516608333">Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:00 JST</a><a href="https://mstdn.social/@kkarhan" title="kkarhan@mstdn.social"><img src="https://gnusocial.jp/avatar/71381-48-20221216082034.webp" width="48" height="48" alt="Kevin Karhan :verified:" style="position: absolute; left: 0; top: 0;">Kevin Karhan :verified:</a><div><a href="https://mstdn.social/@kkarhan/111630111029944681" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/117164" title="protonmail@mastodon.social">Proton Mail</a></li><li><a href="https://gnusocial.jp/user/225791" title="hexaheximal@wetdry.world">hexaheximal</a></li></ul></div></section><article><p><a href="https://mastodon.social/@protonmail">@protonmail</a> <a href="https://wetdry.world/@esm">@esm</a> <a href="https://wetdry.world/@hexaheximal">@hexaheximal</a> </p><p>4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.</p><p>[Thats's literally done with <a href="https://mstdn.social/tags/Webservers" rel="tag">#Webservers</a> and <a href="https://mstdn.social/tags/Databases" rel="tag">#Databases</a> where they're run as dedicaded users which have no privilegues excpet their own use-cases</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2490956#notice-4929239">In conversation</a><time datetime="2023-12-24T01:04:00+09:00" title="Sunday, 24-Dec-2023 01:04:00 JST">about a year ago</time> <span>from <span><a href="https://mstdn.social/@kkarhan/111630111516608333" rel="external" title="Sent from mstdn.social via ActivityPub">mstdn.social</a></span></span><a href="https://mstdn.social/@kkarhan/111630111516608333">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:00 JSTKevin Karhan :verified:
in reply to
@protonmail @esm @hexaheximal
4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.
[Thats's literally done with #Webservers and #Databases where they're run as dedicaded users which have no privilegues excpet their own use-cases
In conversationabout a year ago from mstdn.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice