It was a project requirement, PHI was processed by it, so yes, it needed a secure connection. I now realize I should have used mutual auth, but hey, I only learned about that after that project
We never sent actual data to it (the actually sensitive data used for training never left a secure VM), but the point of the course was to act like we were. Plus, setting up an nginx reverse proxy is simple, setting it up and getting certs from some ssl commands is a 10 minute task that appeases the project manager/professor with minimal effort.
It was a project requirement, PHI was processed by it, so yes, it needed a secure connection. I now realize I should have used mutual auth, but hey, I only learned about that after that project
We never sent actual data to it (the actually sensitive data used for training never left a secure VM), but the point of the course was to act like we were. Plus, setting up an nginx reverse proxy is simple, setting it up and getting certs from some ssl commands is a 10 minute task that appeases the project manager/professor with minimal effort.
deleted by creator