Comment by dwattttt 10 months ago

The failure modes are much clearer: when you write the API in a default-deny context and forget to add that allowed pattern, it never works, so you notice and figure out the bug.

The same story with default-allow means the system looks like it works fine, and you end up with no security at all.
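The two failure modes described in the comment above, as an added example that is not part of the original comment or any project it refers to. The route names, roles, rule tables and the "forgotten rule" are constructed for illustration: the same omission is made under both defaults, and the code shows which one a feature test would surface.

```python
"""Default-deny vs default-allow authorization, side by side.

Added example, not code from the original comment. Route names, roles and
the rule tables below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class DefaultDenyPolicy:
    """Access is granted only for (route, role) pairs explicitly listed."""
    allowed: set = field(default_factory=set)

    def is_allowed(self, route: str, role: str) -> bool:
        return (route, role) in self.allowed


@dataclass
class DefaultAllowPolicy:
    """Access is granted unless a (route, role) pair is explicitly blocked."""
    blocked: set = field(default_factory=set)

    def is_allowed(self, route: str, role: str) -> bool:
        return (route, role) not in self.blocked


# Constructed: what the developer intended. True = must be reachable,
# False = must be refused.
INTENDED = {
    ("/profile", "user"): True,
    ("/profile", "admin"): True,
    ("/reports", "user"): False,
    ("/reports", "admin"): True,
    ("/admin/export", "user"): False,
    ("/admin/export", "admin"): True,
}


def build_default_deny() -> DefaultDenyPolicy:
    """Allow rules the developer remembered to write.

    Forgotten: the rule for ("/admin/export", "admin").
    """
    return DefaultDenyPolicy(allowed={
        ("/profile", "user"),
        ("/profile", "admin"),
        ("/reports", "admin"),
    })


def build_default_allow() -> DefaultAllowPolicy:
    """Block rules the developer remembered to write.

    Forgotten: the rule blocking ("/admin/export", "user").
    """
    return DefaultAllowPolicy(blocked={
        ("/reports", "user"),
    })


def functional_test(policy) -> list:
    """What a feature test checks: every access the feature NEEDS succeeds.

    Returns the intended-allowed pairs that were refused. A non-empty list
    is a failing test, i.e. the bug gets noticed.
    """
    return [pair for pair, want in INTENDED.items()
            if want and not policy.is_allowed(*pair)]


def silent_overreach(policy) -> list:
    """What a feature test does NOT check: pairs that must be refused but
    are let through. These never break anything, so nobody looks.
    """
    return [pair for pair, want in INTENDED.items()
            if not want and policy.is_allowed(*pair)]


if __name__ == "__main__":
    for name, policy in (("default-deny", build_default_deny()),
                         ("default-allow", build_default_allow())):
        print(name, "feature test refused:", functional_test(policy))
        print(name, "silently allowed:   ", silent_overreach(policy))
```

Under default-deny the forgotten rule makes the admin export visibly fail, so the feature test is red and the missing entry gets added. Under default-allow every intended path works, the feature test is green, and the only consequence of the forgotten rule is that an ordinary user can reach the admin export, which no test exercising "does the feature work" will ever notice.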