Comment by raw_anon_1111
21 hours ago
Yes the security boundary is the AWS account.
It doesn’t make sense for a random employee who mistakenly uses a third party app to compromise all of its users it’s a poor security architecture.
It’s about as insecure as having one Apache Server serving multiple customer’s accounts. No one who is concerned about security should ever use Vercel.
> It’s about as insecure as having one Apache Server serving multiple customer’s accounts.
You really have no clue what you’re talking about don’t you? Were you a sales guy at AWS or something?
He works for an AWS consulting company, where they promote cloud native solutions, driving cloud spend towards AWS. In many cases, managed cloud services are actually the way to go.
However, to say that serving multiple customers with Apache is "insecure" is inaccurate. There are ways to run virtual hosts under different user IDs, providing isolation using more traditional Unix techniques.
Hey, knock it off. If you disagree with someone, present a substantive counterargument.
Already did. There is no fixing a pretender. Someone arguing akin to “the security boundary of a Linux system is the electrical strip”
Well, I know that you have never heard of someone using a third party SaaS product at any major cloud provider compromising all of their customers accounts.
Are you really defending Vercel as a hosting platform that anyone should take seriously?
How is any of that a defense of Vercel? If you understood how any of this works you’d know that it isn’t. Vercel is a manifestation of what’s wrong with web development, yet it has nothing to do with “creating an AWS account per user account” nor “running a reverse proxy process per user account”.
1 reply →