Update: Microservices Security Cheat Sheet

[Zhiyuan-Amos]

What is missing or needs to be updated?

This line states

One of the simplest way to propagate external entity identity is to re-use the access token received by the edge and pass it to internal microservices. It should be mentioned that approach is highly insecure due to possible external access token leakage and may decrease an attack surface because the communication relies on proprietary token-based system implementation and internal microservices have to understand external access token.

I think, this issue results in an increase in attack surface rather than a decrease.

Also, from reading this paragraph, I'm not quite sure how this approach makes the Software more / less secure. One scenario that I thought of is: If somehow an internal microservice is unintentionally exposed to the outside world, then that microservice can be called directly using the access token.

Whereas if the internal microservice accepts a token format known only to internal microservices, then the above scenario can't occur.

Sorry if my question above is naive, thank you! :)

[jmanico]

I agree with you 100%. I fundamentally disagree with this statement 100% and will make a few changes.

Would you like to PR for this and fix it? I'll approve quickly if you do.