
Show HN: StrongDM – 1-click access to any database or server in any environment - sbrown12
https://www.strongdm.com/
======
lrvick
So this is a proprietary system that gates all access to critical systems.

Designed by a company with 1-10 employees (AngelList).

Are we really supposed to believe that their small team totally got security
right 100% on their first try without the decades of community auditing
vanilla ssh has enjoyed?

Are we supposed to trust no malicious code made it into their repos? That they
audit all the third-party modules for their JavaScript frontend? That the
employee that cuts binary releases can't be blackmailed to introduce a subtle
flaw that will add a fixed ssh key to all servers their tool manages?

Imagine if SpaceX -did- use this tool. Blackmailing or phishing one employee
to gain access to all of SpaceX systems sounds like a state actor's wet dream.

Anyone who considers a product like this has no business protecting access to
their employer's systems IMO.

Maybe if they open source it, place bug bounties for extensive community
auditing, allow fully on-prem deployments, offer consulting/support contracts,
and do all PKI in HSMs end to end...

Then -maybe-.

------
ddtaylor
Is their SSO as secure as SSH as their marketing seems to assume? Sure, saving
time is great, but replacing unbeatable cryptography with bad passwords isn't
good.

------
33degrees
This is interesting, but how much? Can’t find the pricing....

------
gratner
Love this product - our team can't live without it!

~~~
beokop
Your team can’t function without third-party software logging database access?
What exactly does your team do?

~~~
stevekemp
Shill, mostly.

