undefined | Better HN

0 pointsichbinlegion2y ago0 comments

> It will not attempt the riskiest attack scenarios

What does that mean exactly?

Do you manually assess what is risky for a particular API, or is it up to the system to choose?

If it's up to it, what happens if it thinks that's not risky to delete user data?

0 comments

We created specific safeguards for production mode; for instance, Escape doesn't launch any DELETE requests in prod mode.

You can also manually configure an allowlist/blocklist of operations for specific use cases.

j / k navigate · click thread line to collapse

0 pointsichbinlegion2y ago0 comments

> It will not attempt the riskiest attack scenarios

What does that mean exactly?

Do you manually assess what is risky for a particular API, or is it up to the system to choose?

If it's up to it, what happens if it thinks that's not risky to delete user data?

We created specific safeguards for production mode; for instance, Escape doesn't launch any DELETE requests in prod mode.

You can also manually configure an allowlist/blocklist of operations for specific use cases.

j / k navigate · click thread line to collapse