
Are you arguing that it’s a good idea for random developers to be able to set up new subdomains on the company domain without any oversight?


Do they work there or not? I deeply appreciate that everyone's threat model is different, but I'd bet anyone that wants to create a new DNS record also has access to credentials that would do a ton more actual damage to the company if they so chose.

Alternatively, yup, SOC2 is a thing: optionally create a ticket tracking the why, then open a PR against the IaC repo citing that ticket, have it ack-ed by someone other than the submitter, audit trail complete, change managed, the end.


What's your threat model that says they shouldn't? If you don't trust your senior devs, you're already pwned.



