elevation a day ago

Doesn't it also add latency to every request?

tough a day ago | parent | next [-]

I think the main point is the WAF companies must have lobbied to get that into the checklist.

The main point is you need to pay a third party.

CoffeeOnWrite a day ago | parent [-]

You can call your existing reverse proxy a WAF to check this checklist item. (Your point still stands; on the median, companies may opt to purchase a WAF for various reasons.)

zelphirkalt 16 hours ago | parent [-]

Often it is just pushing responsibility.

formerly_proven a day ago | parent | prev | next [-]

So does running McAfee on every POST body but some places really wanna do that regardless. (I at least hope the scanner isn't running in the kernel for this one).

jrockway a day ago | parent [-]

Yeah, we were asked to do this at my last job by some sort of security review. This one doesn't bother me as much. "Display 'network error' whenever a user uploads a file containing 'SELECT *'" is a bad user experience. "Some files in this repository have been flagged as containing a virus and are not visible in the web interface until allowed by an administrator," is OK with me, though.

swyx a day ago | parent | prev | next [-]

sure but how much? 3-10ms is fine for the fast protection when shit hits the fan.

thunderfork a day ago | parent | prev [-]

[dead]