This sort of thing is why it's nice to have authz throughout your environment. A client request that gets incorrectly forwarded to a proxy should be rejected by the downstream service.

The problem is that people keep all of their authn/authz at the boundary and then, once you're past that, it's a free-for-all.

Every service needs to validate authorization of the request.
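
One way a downstream service can enforce the per-request check described in the comment above, shown as an added example that is not part of the original comment. The service names, scope strings, token layout and shared demo key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption). A shared symmetric key lets any holder mint
# tokens, so real deployments favour asymmetric signatures or per-service keys.
SIGNING_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def mint_token(subject, audience, scopes, ttl=60, now=None):
    """Issuer side: bind the caller to one target service and a set of scopes."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "aud": audience, "scopes": scopes, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def authorize(token, service, required_scope, now=None):
    """Downstream side: runs on every request, whichever hop delivered it.
    Returns (allowed, reason)."""
    now = time.time() if now is None else now
    if not token or token.count(".") != 1:
        return False, "missing or malformed token"
    body, sig = token.split(".")
    # Constant-time comparison of the signature before trusting any claim.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False, "bad signature"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False, "malformed claims"
    if claims.get("exp", 0) < now:
        return False, "expired"
    # A request routed to the wrong service fails here, not at the edge.
    if claims.get("aud") != service:
        return False, "wrong audience"
    if required_scope not in claims.get("scopes", []):
        return False, "missing scope"
    return True, "ok"
```

The audience check is what rejects a misrouted request: a token minted for one service is refused by every other service, even though the edge already accepted it.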
