What Makes the JAMStack Secure?
Every description of the JAMstack seems to mention "security" as a benefit, for example:
The static nature of a JAMstack app makes scaling easy, and causes little to no dev-ops overhead. The JAMstack approach can also improve your app's security posture since static sites generally have a small attack vector.
https://www.contentful.com/r/knowledgebase/jamstack-cms/
delivers better performance, higher security, lower cost of scaling, and a better developer experience.
I really don't understand what makes this "more secure". All I see are quotes like this:
developers could leverage the expertise of third-party services to enhance the security features of your website/app
So, in short, the only "security" here comes from Auth0, Okta, or whoever else is supposed to be good at security because that is their focus? Or am I missing something?
Edit: found another quote:
With no databases, plugins, or dynamic software running on your server, the potential for code injection and hacks is reduced enormously. When your website is a collection of static files, all dynamic functions are instead handled with APIs and client-side JavaScript, negating the need to rely on CMS plugins. While it’s entirely possible that an external API handling persistent data may expose a vulnerability, eliminating your CMS removes numerous points of failure and attack vectors. For static blogs, it’s not a stretch to say that security essentially becomes a non-issue, at least when compared to a typical WordPress installation.
https://builtvisible.com/go-static-try-jamstack/
So, it seems most of the "security" is just not having WordPress?