Athos Mina
@RoseSkullIXIV 19 hours ago

Shipping fast is great, but so is security

I saw another post about security in the community, and I felt like adding a few more points because let’s be real, you can never have enough security 😅

With the rise of "vibe coding" and rapid prototyping, the security aspect often gets left behind. But if you're shipping something users will interact with, it's worth taking a moment to lock down the basics.

Here are some simple principles to help keep you and your users safe (or at least safer):


1. Always sanitize and validate user input

Never trust input coming from the user.

Yes, many modern frameworks have built-in protections, but adding your own validation layer ensures nothing weird slips through. It’s better to be safe than sorry.


2. Encrypt all traffic using HTTPS

Ensure all communication between your users and your server is encrypted using HTTPS.

You can do this by obtaining an SSL certificate; many hosting providers offer it for free by default. Unencrypted traffic can expose sensitive information, making HTTPS a basic but essential layer of security.


3. Hash passwords properly

Passwords should never be stored in plain text under any circumstances.

Use strong, modern hashing algorithms such as bcrypt or Argon2, and ensure that each password is salted before hashing. Older algorithms like MD5 or SHA1 are no longer considered secure and should be avoided entirely. Proper hashing significantly reduces the risk of password leaks being easily exploited.


4. Log smartly

Logging is great for debugging and tracing bugs/security issues, but be smart about what you log.

Never store sensitive info like tokens, passwords, or anything a bad actor could use to impersonate someone.


Security doesn’t have to be overwhelming, but it does have to be intentional.

Even small improvements go a long way, especially when you start building for real users.



Got any other quick security tip?
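
Tip 4 ("Log smartly") as an added example, not part of the original post: a Python `logging` filter that masks secret-looking values before a handler writes them. The key names, the patterns and the sample log lines are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed key names; extend the list to match the secrets your app handles.
_KEYVAL = re.compile(
    r"(?i)\b([\w-]*(?:password|passwd|token|secret|api[_-]?key))\b"
    r"([\"']?\s*[=:]\s*)(\"[^\"]*\"|'[^']*'|[^\s,;&]+)"
)
# Credentials carried in an Authorization header value.
_BEARER = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=-]+")


def redact(text: str) -> str:
    """Mask secret-looking values in an already rendered log message."""
    text = _BEARER.sub(r"\1 [REDACTED]", text)
    return _KEYVAL.sub(r"\1\2[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub each record before the handler formats and writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so secrets passed as arguments are covered.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo() -> list[str]:
    """Send constructed log calls through the filter; return the written lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())  # on the handler: covers every logger feeding it
    log = logging.getLogger("redaction_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed sample events, not taken from the post.
    log.info("login failed user=%s password=%s", "alice", "hunter2")
    log.info("upstream call headers: Authorization: Bearer abc.def.ghi")
    log.info("POST /reset?token=9f8e7d&lang=en from 203.0.113.7")
    log.info("order 1182 shipped to user=alice")
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    print("\n".join(demo()))
```

Pattern-based redaction is a safety net for values that slip into messages; it does not replace keeping secrets out of log calls in the first place.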


Comments


Ari Nakos
great article -- there's a lot of value in studying cybersecurity now that people believe software engineering has been displaced by AI

- npm audit is a good security command
- rotating access keys automatically
2


Athos Mina
@RoseSkullIXIV
4 hours ago
Yes indeed good added points. Especially with the node packages.
0
