Agreed - but if they're no longer able to effectively testify in court, they'd presumably no longer be able to do real police work - at best they'd be put in some administrative duty.
True enough - and sadly this complexity and subtlety is sometimes taken advantage of in order to create propaganda, such as to create sympathy for various issues.
I wonder why this mentality doesn't apply to other parts of society, like our police forces (i.e. shut a department down when an officer kills an innocent), or corporations that cause death/disaster? Is it because in those situations, the deaths aren't too big a price to pay?
you'd still be exposing the database system itself to the public regardless of the credentials you were using for the email service, as opposed to keeping it all within a VPC which seems to be what most guides recommend.
I assume the difference would be that having your database exposed presents additional surface area for attacks. A Rube Goldberg-style setup probably presents its own risks, but personally I just use AWS SES for my transactional/marketing emails and it's a one-way pipe that doesn't present any significant risks as far as I can see.
Doesn't matter. The database still is on a public subnet on customer's network. All it takes is for someone to jack up some kind of white list or access rule and the entire database is exposed. It's an attack vector. You can't do this nearly as easily when the database is in a private subnet w/ no access to internet.
I mostly agree, but do want to emphasize that it really depends and there are multiple ways to secure this that range in complexity and maintenance overhead.
The top thing that comes to mind is creating a separate ‘read replica’ DB that logically replicates target table(s) from the source DB, creates a materialized view with a subset of the replicated data in the replica db, and then exposes only the materialized view to a specific 3rd party user.
That way you:
1) Run your primary db in a private subnet — addressing your concern with IP whitelisting
2) Run the replica in a public subnet with extremely limited access (IP whitelisting and limited access controls to data).
This is definitely a more complex setup to reason about and creates more moving parts that can fall out of sync, but it does greatly decrease the blast radius of a breach, and for some orgs, that may be a worthwhile trade-off. In my opinion, the OP would probably benefit from some basic security walkthroughs on these different implementations to help engineering teams get onboarded/make a better case for their solution if they hit friction with legal or security teams.
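The replica layout described in the comment above, sketched as an added example that is not part of the original thread. It assumes PostgreSQL (the thread names no database engine), and every object name, host and password is a hypothetical placeholder.

```sql
-- Assumption: PostgreSQL 10+ with wal_level = logical on the primary.
-- All names (orders, vendor_pub, vendor_ro, shared, ...) are hypothetical.

-- === On the PRIMARY (private subnet) ===
-- Publish only the table(s) the third party needs, not the whole database.
CREATE PUBLICATION vendor_pub FOR TABLE public.orders;

-- === On the REPLICA (public subnet, IP allowlist in front of it) ===
-- Logical replication needs a matching table to exist on the subscriber.
CREATE TABLE public.orders (
    id          bigint PRIMARY KEY,
    customer_id bigint NOT NULL,
    email       text,
    status      text NOT NULL,
    total_cents bigint NOT NULL,
    created_at  timestamptz NOT NULL
);

-- The replica connects to the primary over the internal network;
-- the primary itself has no public listener.
CREATE SUBSCRIPTION vendor_sub
    CONNECTION 'host=primary.internal.example dbname=app user=repl_user password=REPLACE_ME sslmode=verify-full'
    PUBLICATION vendor_pub;

-- Expose a subset of columns through a materialized view in its own schema.
CREATE SCHEMA shared;
CREATE MATERIALIZED VIEW shared.orders_export AS
    SELECT id, status, total_cents, created_at   -- no customer_id, no email
    FROM public.orders;
CREATE UNIQUE INDEX orders_export_id ON shared.orders_export (id);

-- The third-party login can see the view and nothing else.
CREATE ROLE vendor_ro LOGIN PASSWORD 'REPLACE_ME' CONNECTION LIMIT 5;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA shared TO vendor_ro;
GRANT SELECT ON shared.orders_export TO vendor_ro;

-- Check that the vendor role cannot read the replicated base table.
SELECT has_table_privilege('vendor_ro', 'public.orders', 'SELECT') AS can_read_base;

-- The view is a snapshot: schedule this, or the export silently goes stale
-- (one of the "moving parts that can fall out of sync").
REFRESH MATERIALIZED VIEW CONCURRENTLY shared.orders_export;
```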
I believe the alternative is a VPN, secure tunnel, authenticated proxy, or similar. Those also have accidental failure modes that would permit access to the DB regardless of which subnet it's in. I'd consider each of those as a second factor, in addition to the DB password.
> I'm not sure what your point is. Are you implying it's justified because Russia is using them?
What I think they are saying is there is no reason to get worked up over cluster munitions in Ukraine because they already are.
The main difference between the cluster bombs given to Ukraine and the ones fired by Russia is the Russian ones are much more likely to have landed in populated civilian areas.
Technically true, but just barely, and only because neither the US nor Russia is a signatory to the CCM.
But (as mentioned just now in a sibling post), in moral terms the issue is a bit more complicated, because the rest of NATO is a signatory to the CCM. So if we were to refactor the statement as "The US is supplying Kyiv with munitions that would be a war crime for its NATO partners to use" -- then it does have validity.
However the infinitely large issue remains: this war is utterly insane, and entirely lopsided, with no shred of excuse or justification, and needs to stop, now. Allegations of "hypocrisy" as such, while fine for the debate club, are tantamount to fiddling while Rome burns.
> in moral terms the issue is a bit more complicated, because the rest of NATO is a signatory to the CCM
This is not entirely true: a large amount of NATO is a signatory to the CCM, but there are a few members outside of the US that aren't. They are:
- Poland
- Finland
- Latvia
- Estonia
- Romania
- Turkey
- Greece
> So if we were to refactor the statement as "The US is supplying Kyiv with munitions that would be a war crime for its NATO partners to use" -- then it does have validity.
Outside of the 7 countries in NATO outside of the US that aren't a signatory to the CCM.
And outside the fact that war crimes are strongly defined and using a weapon that is banned by the CCM even if you have signed it doesn't make it a war crime.
This is entirely moot anyway; Ukraine is already littered with UXO from both Russia and from it defending itself.
I can't imagine that the DPICM that the US provided will make a real difference in the UXO compared to what's already been going on.
So the closer countries are to Russia - the less likely they are to indulge in the moral luxury of signing the CCM. And Greece and Türkiye have each opted out because, well, the other has, so they must also. Makes sense in a way.