I work for a software company and I'm currently doing research for an enhancement request. Essentially, we have an application client which talks to a REST endpoint which is authenticated using basic authentication over SSL. A client is requesting that our application first perform mTLS with a reverse proxy prior to basic authentication with the REST endpoint. Would I be wrong in characterizing the customer as having a unique security posture and possibly the request as a one-off? For example, if the client performed mTLS through the proxy directly to the REST API, that would be more standard in my opinion, or is my perspective dated/out of touch?
-
There is no way to answer this… We don’t know the criteria that would make it a “one-off”. Maybe reword this question in a more abstract way…? – LvB Jun 17 '21 at 13:23
-
There is nothing known about your application, its purpose and the security requirements of the client. There is nothing known about the rationale provided for the enhancement request. This lack of information makes it impossible to give a solid and justified answer. – Steffen Ullrich Jun 17 '21 at 14:37