Can I, or do I really need to, hide the backend part in a monolith app like T3?

Maybe it's a noob question, maybe not. I don't understand how we achieve the security of the backend and other authentication processes. The security I'm asking about involves hiding the entire backend from being understood. Am I worrying about nothing?
3 Replies
Ejex (Oleg Norov) OP 6mo ago
I think the question is more about an open repo and tokens. So, we make a private repo, then hide variables and other tokens. Then we win. Right? Or is there a way to have a public repo with enough security?
Matvey 6mo ago
Security through obscurity is really bad. Your app should be secure even if someone reads all your source code.
- Don't commit .env file(s) to the repo
- Don't add NEXT_PUBLIC_ or similar to secret env vars
- Use an auth library or an auth provider if you're not comfortable rolling your own auth
- Follow the principle of least privilege
And your app should be secure
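Two items from the checklist above (no committed .env files, no NEXT_PUBLIC_ prefix on secrets) can be checked mechanically. The following is an added example, not code from the thread or from T3; the function names, the secret-name heuristic and the sample values are assumptions made for illustration.

```typescript
// Added example; the name heuristic and all sample values are constructed assumptions.
type Finding = { rule: "public-secret" | "env-not-ignored"; detail: string };

// Variable names that usually hold credentials (heuristic, tune per project).
const SECRET_HINT = /(SECRET|TOKEN|PASSWORD|PRIVATE|API_KEY|DATABASE_URL)/i;

// Extract variable names from .env text, skipping comments and blank lines.
function envKeys(envText: string): string[] {
  return envText.split(/\r?\n/)
    .map((line) => line.trim().replace(/^export\s+/, ""))
    .filter((line) => !/^(#|$)/.test(line))
    .map((line) => (line.split("=")[0] ?? "").trim())
    .filter((key) => /^[A-Za-z_][A-Za-z0-9_]*$/.test(key));
}

// Next.js inlines NEXT_PUBLIC_ variables into the browser bundle, so a
// secret-looking name with that prefix would be readable by every visitor.
function publicSecrets(envText: string): Finding[] {
  return envKeys(envText)
    .filter((key) => /^NEXT_PUBLIC_/.test(key) && SECRET_HINT.test(key))
    .map((key) => ({ rule: "public-secret" as const, detail: key }));
}

// Simplified .gitignore matching for top-level file names: literal names and
// "*" globs, "!" negation, last matching rule wins. Not full git semantics.
function isIgnored(gitignoreText: string, file: string): boolean {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (/^(#|$)/.test(line)) continue;
    const negated = line.charAt(0) === "!";
    const glob = (negated ? line.slice(1) : line).replace(/^\//, "");
    const body = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*");
    if (new RegExp("^" + body + "$").test(file)) ignored = !negated;
  }
  return ignored;
}

// Audit a map of env file name -> contents against the repo's .gitignore.
function audit(envFiles: Record<string, string>, gitignoreText: string): Finding[] {
  const findings: Finding[] = [];
  for (const name of Object.keys(envFiles)) {
    const tracked = name !== ".env.example" && !isIgnored(gitignoreText, name);
    if (tracked) findings.push({ rule: "env-not-ignored", detail: name });
    findings.push(...publicSecrets(envFiles[name] ?? ""));
  }
  return findings;
}
// Constructed sample input: one exposed token, and a .gitignore that misses ".env".
const sampleEnv = "DATABASE_URL=placeholder\nNEXT_PUBLIC_APP_URL=https://example.test\nNEXT_PUBLIC_API_TOKEN=placeholder\n";
console.log(audit({ ".env": sampleEnv }, "node_modules\n.env*.local\n"));
```

Run as a pre-commit or CI step, a non-empty result from `audit` is a reason to fail the build before the file or the bundle leaves the machine.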
Ejex (Oleg Norov) OP 6mo ago
thx a lot