Ask HN: How vulnerable are edge servers wrt security

1 points by aowen 4 years ago · 0 comments · 1 min read


I'm working on a project that uses Java microservices.

The project has an "edge server", except it does more than that. The ES will forward requests to downstream servers, as well as handle some of the requests itself. In order to handle those requests, it has access to an in-network database.

I had a concern that since the ES is accessible from the outside world, it was problematic that it had database credentials, but I don't know how founded that is. There IS an LB in front of the ES, so only HTTPS/443 traffic is allowed.

Client -> LB -> ES -> Internal Server

My thinking was that since vulnerabilities like Log4Shell exist, which can go through 443, we should try to take out the DB creds from the ES and move all those operations into another internal service.

Does anyone have any insights into the topic?

No comments yet.
