Can I really, or do I need to, hide the backend part in a monolith app like T3?
Maybe it's a noob question, maybe not.
I don't understand how we achieve the security of the backend and other authentication processes. The security I'm asking about involves hiding the entire backend from being understood.
Am I worrying about nothing?
3 Replies
I think the question is more about open repos and tokens. So, we make a private repo, then hide variables and other tokens. Then we win. Right?
Or is there a way to have a public repo with enough security?
Security through obscurity is really bad. Your app should be secure even if someone reads all your source code.
- Don't commit `.env` file(s) to the repo
- Don't add `NEXT_PUBLIC_` or similar to secret env vars
- Use an auth library or an auth provider if you're not comfortable rolling your own auth
- Follow the principle of least privilege
And your app should be secure.
Thanks a lot
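The two env-variable bullets in the reply above, worked through as an added example (not code from this thread or from the T3 project): a dependency-free stand-in for the kind of env validation a T3 app does in its env file, plus a check for a secret-looking name that was given the public prefix, and a minimal `.gitignore` check for the first bullet. Variable names, sample values and the gitignore matcher's limited glob support are assumptions.

```javascript
const CLIENT_PREFIX = "NEXT_PUBLIC_"; // Next.js inlines only this prefix into the browser bundle
const SECRET_LIKE = /SECRET|TOKEN|PASSWORD|PRIVATE|API_KEY/i; // assumption: naming heuristic

// schema lists which variables are server-only and which are meant for the browser;
// returns { server, client } or throws if a declared key is missing or wrongly prefixed.
function validateEnv(schema, env) {
  const problems = [];
  for (const key of schema.server) {
    if (key.startsWith(CLIENT_PREFIX)) {
      problems.push(`${key}: server vars must not use ${CLIENT_PREFIX} (they would be bundled into the browser)`);
    }
    if (!env[key]) problems.push(`${key}: missing`);
  }
  for (const key of schema.client) {
    if (!key.startsWith(CLIENT_PREFIX)) problems.push(`${key}: client vars must start with ${CLIENT_PREFIX}`);
    if (!env[key]) problems.push(`${key}: missing`);
  }
  if (problems.length > 0) throw new Error(problems.join("; "));
  return {
    server: Object.fromEntries(schema.server.map((k) => [k, env[k]])),
    client: Object.fromEntries(schema.client.map((k) => [k, env[k]])),
  };
}

// The slip the second bullet warns about: a secret-looking name given the public prefix.
function findLeakedSecretNames(env) {
  return Object.keys(env).filter((k) => k.startsWith(CLIENT_PREFIX) && SECRET_LIKE.test(k));
}

// First bullet: does some .gitignore line cover fileName? Assumption: only literal lines and "*"
// wildcards are handled (no negation, no directory patterns), which is enough for .env files.
function gitignoreCovers(gitignoreText, fileName) {
  return gitignoreText.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"))
    .some((pat) => {
      const escaped = pat.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*");
      return new RegExp("^" + escaped + "$").test(fileName);
    });
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  DATABASE_URL: "postgres://app:pw@localhost:5432/app",
  NEXTAUTH_SECRET: "constructed-placeholder",
  NEXT_PUBLIC_APP_NAME: "demo",
  NEXT_PUBLIC_API_TOKEN: "constructed-placeholder", // the mistake: a secret with the public prefix
};
const schema = { server: ["DATABASE_URL", "NEXTAUTH_SECRET"], client: ["NEXT_PUBLIC_APP_NAME"] };
console.log(validateEnv(schema, sampleEnv).client); // { NEXT_PUBLIC_APP_NAME: "demo" }
console.log(findLeakedSecretNames(sampleEnv)); // [ "NEXT_PUBLIC_API_TOKEN" ]
console.log(gitignoreCovers("node_modules\n.env\n.env*.local\n", ".env.local")); // true
```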