
Hey, Ricky from Twilio here.

In this case, while these environment variables appear to be sensitive, they are ephemeral keys, uniquely issued to the Function as part of running within Lambda. Their associated actions and permissions have been reviewed, approved and are required to run the Function. There is no risk of any Twilio customer’s Function being accessed or modified by disclosure of these keys.

That said, we much appreciate the community raising potential concerns. If y’all ever see anything that looks like a vulnerability, we’d love for you to submit it to our Bug Bounty program: https://bugcrowd.com/twilio




Thanks for letting us know, Ricky. It's great to see new functionality being released so often on Twilio. Playing with Functions for a bit today, it would be great to be able to add additional nodejs libraries; is that a feature coming up any time soon?


It is great to see that the industry is moving from webhooks to Functions. We've seen this model succeed at Auth0 with our Rules feature [1], implemented 3 years ago. We recently productized this experience with Auth0 Extend [2]. It supports all node modules, a one-line-of-JS embeddable Editor, real-time logs, a vault to store secrets, custom programming models and crons.

[1] https://auth0.com/docs/rules

[2] https://auth0.com/extend/developers


Just full disclosure: Woloski^ is the CTO and founder of Auth0. They have a competing product in the serverless space. Click on the links to learn more. Here is the pricing page: https://auth0.com/pricing


Stoked to hear you've been playing with it. I can't make any promises on roadmap yet, but we're excited to get feedback from the community while we're in public beta to help shape what Functions become for GA. If you keep hacking with it and have thoughts, feel free to drop me an e-mail (ricky AT twilio.com).



