Hacker News
by reilly3000 2325 days ago
Do people really put server keys into clients? I thought the general assumption outside of private servers is to trust nobody.

Many app developers are just people with some programming knowledge trying their luck in the app world, so plenty of engineering best practices never come into consideration.
This is a case for security by default. I’ve messed around with Firebase and Firestore - my experience with auth and security was painful enough that I started to look for alternatives.

ElasticSearch and most of AWS would do well to make Security by Default more commonplace.

I agree.

That is also a reason why, although I rant about the capabilities exposed to the NDK, I do appreciate it being locked down.