I’m sure I don’t know ALL the "security best practices that have been around for 20+ years" and this is perfectly fine as long as I’m able to react quickly. See also https://xkcd.com/1053/.
It's fine if you personally didn't know that. But if I'm paying for a service, I expect the provider to understand basic security best practices that have been industry standard for 20+ years. And if they don't, they should be hiring people who do.
XKCD 1053 is not a valid excuse for what amounts to negligence in a production service.
hk__2|4 months ago
blenderob|4 months ago