Hacker News new | past | comments | ask | show | jobs | submit login

This is my biggest issues with SPAs. Its not that it is that hard, its just so much easier to keep it secure if its being done server-side.



What's an example of something that would be proprietary, reasonably on the front-end, and stealable from minified source?

In my mind, anything complex would probably be server side anyway for performance reasons (though I admit there are many, many SPAs with seemingly little thought about performance.)


An inexperienced dev might do something like put API keys in frontend code. You can even do an advanced search of Github to find people's keys to steal to get access to paid APIs.


Inexperienced devs already leak keys into front end code before SPAs.


Anything you would normally stash in an API gateway.

API keys, anything that handles auth, etc.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: