Security 101: Introduction to app security for indie hackers

submitted by
Style Pass
2024-10-23 08:00:05

After this drama with @marc_louvion I understood that many indie hackers don’t really have experience in securing apps. In this article I want to outline some steps that every indie hacker should incorporate into their workflows to protect themselves.

Yeah, I was there too and it was really easy. I declined it, since all work should be paid for and I’m not a person who’d steal someone’s work.

Why do you need it, you might ask? Well — when you’re a nobody, it’s unlikely that someone will try to break into your app or bypass a paywall. Once you get more customers, there will be a higher chance that someone will try to benefit from the vulnerabilities you have. Best case — someone will change their name to something that you don’t allow. Worst case — access to paywalled features, or even completely copying/deleting your database with all clients, subscriptions, etc.

This approach works only as long as no one cares about you and your product has close to 0 traction. Since most of us use popular tools like Next.js or some other framework, it’s easy to guess which one it is, and from there you can start guessing attack vectors. So never rely on security through obscurity.