Show HN: StrongDM – 1-click access to any database or server in any environment (strongdm.com)
38 points by sbrown12 5 months ago | 6 comments

So this is a proprietary system that gates all access to critical systems.

Designed by a company with 1-10 employees (AngelList).

Are we really supposed to believe that their small team totally got security right 100% on their first try without the decades of community auditing vanilla ssh has enjoyed?

Are we supposed to trust no malicious code made it into their repos? That they audit all the third-party modules for their JavaScript frontend? That the employee that cuts binary releases can't be blackmailed to introduce a subtle flaw that will add a fixed ssh key to all servers their tool manages?

Imagine if SpaceX -did- use this tool. Blackmailing or phishing one employee to gain access to all of SpaceX systems sounds like a state actor's wet dream.

Anyone who considers a product like this has no business protecting access to their employer's systems IMO.

Maybe if they open source it, place bug bounties for extensive community auditing, allow fully on-prem deployments, offer consulting/support contracts, and do all PKI in HSMs end to end...

Then -maybe-.

Is their SSO as secure as SSH as their marketing seems to assume? Sure, saving time is great, but replacing unbeatable cryptography with bad passwords isn't good.

This is interesting, but how much? Can't find the pricing...

Love this product - our team can't live without it!

Your team can’t function without third party software logging database access? What exactly does your team do?

Shill, mostly.
