New to the list is Server-Side Request Forgery (SSRF), where you trick the remote server into fetching a sensitive URL on an attacker's behalf (e.g., an internal service or cloud metadata URL from the context of an internal server). A language-agnostic defense is using something like Stripe's Smokescreen [1], which acts as a SOCKS proxy your app connects to when requesting URLs that should be quarantined, and it does the enforcement of access to internal/external IPs or not.
[1] https://github.com/stripe/smokescreen
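The kind of destination check an egress proxy enforces, as an added example that is not part of the comment above and is not Smokescreen's code. The function names, host names and DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def is_public(ip_text):
    """True only for globally routable unicast addresses; fails closed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_destination(url, resolve=system_resolver):
    """Return (allowed, reason, pinned_ips) for one outbound fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return (False, "malformed URL", [])
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return (False, "scheme or host not allowed", [])
    try:
        ips = resolve(parts.hostname, port)
    except OSError:
        return (False, "resolution failed", [])
    # Every record must be public: one internal answer denies the request.
    bad = [ip for ip in ips if not is_public(ip)]
    if bad or not ips:
        return (False, f"denied, non-public answers: {bad}", [])
    # The caller connects to these exact IPs instead of resolving again.
    return (True, "ok", ips)

# Constructed DNS answers so the example runs offline (assumed names).
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"], "mapped.example.net": ["::ffff:127.0.0.1"],
    "metadata.example.net": ["169.254.169.254"],
    "mixed.example.net": ["93.184.216.34", "10.0.0.5"],
}

def sample_resolver(host, port):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]
```

Validating the resolved addresses and then connecting to those same addresses is what keeps a second DNS lookup from returning a different, internal answer after the check has passed.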
I've seen a fair bit of this with Firebase apps, where devs don't write enough rules, or have collections that mix non-sensitive and sensitive fields. It's tricky, because the whole query-the-database-from-JavaScript model causes your app to fail open. I wrote a tool that acts as a generic Firebase datastore client to help find these sorts of flaws.[1]
[1]: https://github.com/iosiro/baserunner