Hacker News

EvanAnderson today at 5:27 PM

That's great when you have control of your applications. For most corporate IT you're stuck with COTS applications and whatever their built-in auth functionality is. Sure, you can probably bolt a reverse proxy in front (if you're lucky enough for it to be a web app and not a thick native code client) but you get to argue with the vendor when they refuse support because you're not using their recommended configuration.

802.1X certificate-based authentication at layer 2 is a good defense-in-depth strategy.


Replies

lokar today at 5:45 PM

Use Envoy or some other reverse proxy and do per-app auth there