top | item 28469145

(no title)

cbetti | 4 years ago

It's far easier to enforce information Access control in a services oriented architecture.

In a monolith, a developer doesn't even have to use an access controlled API. They can simply access sensitive data through underlying access mechanisms and return it through an inappropriate endpoint.

discuss

fendy3002|4 years ago

Agree, only if you have the proper manpower, good QC and security standard in your company. For those with smaller and inexperienced team, it's easier to do it in server-render based monolith application.