I recently made the mistake of getting embroiled in a Twitter[1] drama. A popular JavaScript “starter kit” framework was found to be riddled with embarrassingly basic security flaws, and I joined the resulting pile-on with some threads that went quite viral. I may have made some enemies.
I’m not going to relitigate the argument about that one particular framework - I don’t care. Instead I want to make a more general point, because I got a lot of replies that, frankly, disturbed me.
A lot of “indie hackers” apparently think that security isn’t important. Sure, it’s better to be secure than insecure, but you have a business to launch - security is a cost you can live without, so get your MVP out the door ASAP, then you can worry about security later. Right? People actually think like this.
To me this is like a car manufacturer saying “just make it driveable, we’ll add safety later”. It’s more than reckless; it speaks to something fundamentally wrong about how you approach engineering. Safety and security aren’t something you slap on later as an afterthought. They should be woven into your design from day one - and they don’t have to cost you anything!