I see your point, but I think there is a version of this that would be fine. I i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		danpalmer on Feb 21, 2023 \| parent \| context \| favorite \| on: Down the Cloudflare / Stripe / OWASP Rabbit Hole I see your point, but I think there is a version of this that would be fine. I imagine these rules would be shown in the product so users can see the configuration and override it, perhaps it's an explicit opt-in, perhaps there's a public application process for inclusion or some sort of stated conditions so that it's not seen as too political which services are chosen... there are lots of options.

JohnFen on Feb 21, 2023 [–]

I agree. I was really responding to having such a pass be enabled by default. The defaults for any security system should be toward maximal security. Users being able to loosen the rules to fit their situation is fine and desirable.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact