Comment by dkdbejwi383
4 days ago
If they have an HTTP API using standard authentication methods it's not that difficult to create a simple wrapper. Granted a bit more work if you want to do things like input/output validation too, but there's a trade-off between ownership there and avoiding these kinds of supply-chain attacks.
> Granted a bit more work if you want to do things like input/output validation too,
A bit? A proper input validator is a lot of work.
If you aim for 100% coverage of the API you're integrating with, sure. But for most applications you're going to only be touching a small surface area, so you can validate paths you know you'll hit. Most of the time you probably don't need 100% parity, you need Just Enough for your use-case.
That's an excellent way to get bitten.