This is again a defense in depth thing. In the age of WFH, cracking a corporate ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Anon1096 on Feb 19, 2024 \| parent \| context \| favorite \| on: My notes on Gitlab's Postgres schema design (2022) This is again a defense in depth thing. In the age of WFH, cracking a corporate VPN is really not that difficult. If you can make an attacker's life harder for low cost you should do it just in case.

yellowapple on Feb 19, 2024 [–]

Except you ain't really putting up a meaningful obstacle against an attacker here. Compared to the typical effort of cracking a corporate VPN, brute-forcing IDs is downright trivial.

Like I said elsewhere: it's like calling ROT13 "defense in depth".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact