Fresh Pcaps, Free for the Asking

22 points by lflux, more than 5 years ago

2 comments

curryst, more than 5 years ago
I am consistently surprised at how often AAA is left as something to be implemented after perceived "core functionality". Organizational rules should stipulate that MVPs must contain AAA, because I would argue anything that doesn't is not a "viable product".

I think it's partially that it usually involves bringing another team into the loop, which can expose your design before you're really ready to share it. I've caused that problem myself; Okta was the accepted SSO solution, but getting creds to auth with it involved talking to Security and going through a review which would take at least 2 weeks, and then a week of actually waiting for it to come through.

I really wish more companies using Okta allowed some kind of a mode that is analogous to LDAP allowing anonymous queries for username/password checks. I don't need something that pulls down all the user info, just something that says "given this username and password, is it valid for someone". Rate limit me to 1 QPS to prevent brute forcing passwords, that's fine, at least I can PoC with actual auth.
londons_explore, more than 5 years ago
*If* your architecture is well designed, no data goes over the wire unencrypted, and therefore these pcaps posed no security risk.

*If* the system was well designed, it would have had *tests* that no data was sent unencrypted. For example, port scanners, entropy analysis of packet captures, etc.

Not allowing packet captures by any random Joe is just defense in depth at that point.
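
One way to run the entropy analysis of packet captures that londons_explore mentions, as an added example that is not part of the thread. It assumes payloads have already been extracted from a capture into `(flow_id, payload)` pairs; the thresholds `MIN_BYTES` and `MIN_ENTROPY` are assumed values and the sample traffic is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

MIN_BYTES = 1024    # assumed: below this the entropy estimate is too noisy
MIN_ENTROPY = 7.0   # assumed threshold in bits/byte; tune on your own traffic


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_flows(packets):
    """packets: iterable of (flow_id, payload). Returns {flow_id: verdict}."""
    streams = defaultdict(bytearray)
    for flow_id, payload in packets:
        streams[flow_id] += payload  # pool bytes per flow before measuring
    verdicts = {}
    for flow_id, data in streams.items():
        if len(data) < MIN_BYTES:
            # 64 random bytes can never exceed 6 bits/byte, so do not judge
            verdicts[flow_id] = "inconclusive"
        elif shannon_entropy(bytes(data)) < MIN_ENTROPY:
            verdicts[flow_id] = "likely-plaintext"
        else:
            verdicts[flow_id] = "high-entropy"
    return verdicts


def constructed_sample():
    """Constructed traffic: one ciphertext-like flow, one cleartext, one tiny."""
    # SHA-256 in counter mode stands in for encrypted bytes (deterministic).
    cipher = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))
    http = b"POST /login HTTP/1.1\r\nHost: app.example\r\n\r\nuser=alice&pass=hunter2\r\n" * 20
    return [
        (("10.0.0.5", "10.0.0.9", 443), cipher[:1024]),
        (("10.0.0.5", "10.0.0.9", 443), cipher[1024:]),
        (("10.0.0.5", "10.0.0.7", 8080), http),
        (("10.0.0.5", "10.0.0.8", 53), b"\x12\x34example"),
    ]


if __name__ == "__main__":
    for flow, verdict in classify_flows(constructed_sample()).items():
        print(flow, verdict)
```

A "high-entropy" verdict does not prove encryption, since compressed cleartext scores the same; the test is useful for the opposite direction, where a "likely-plaintext" flow on a link that is supposed to be encrypted fails the build.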