Reply to post: Serverless

A code injection to stop code injection could solve serverless security

Anonymous Coward
Anonymous Coward


"think platform-as-a-service but billed when the application is running"

We need to stop with all these buzzwords, the real IT folks are getting lost. So server-less... the "cloud", but pre-configured by Amazon/Google with a slightly different billing model?

I really don't think it's a good idea to be telling devs (of which I'm one) that they need to worry less about understanding what they're doing. At what point do devs start forgetting that SQL injection/*insert your own* exists because that's done in the server-less magic-land now? What happens when one of those devs then works on an in-house project?

Personally I see a future where unskilled* developers are writing unintentional logic bombs that carry the risk of bombing out on someone else's server-less servers, and incurring huge unexpected costs until it's realised that the shoddy code has gone rogue.

I guess the next step is developer-less development, where development is done by the cloud providers thanks to the loss of skills and trust in anybody not "in the cloud". Then those companies that let all their in-house skills migrate into the cloud are really over the barrel.

* Because they don't need to be.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020