Hacker News

I once had a discussion with management that thought it’s fine not to implement access control for GraphQL because no one knows the endpoint. I explained it’s possible to figure out the endpoint through the Network tab in the console. They assumed it’s fine because that’s too technical.



That’s when you stop involving management in technical discussions. As a software engineer, you do what must be done. If access control is a must, management can wait on the less important features. If they are stupid and don’t understand despite you explaining it to them, they don’t have to know.


Yeah, but don’t get yourself in trouble and be a renegade either.

I do not agree that engineers should avoid technical talks with managers. They should just always be prepared to break it down and provide examples. Look people in the eye, empathize with their sentiments, don’t be an asshole if you can help it, in my humble opinion.


And get stupid decisions in writing.


Tell them all the juniors are using it and it’s causing widespread security breaches and could cost the company money (it’s half true at least).

If they don’t care about money when you talk about it, well, then that may signal something deeper.



