by steve_adams_86 1166 days ago
I’m surprised people wouldn’t want to route requests through a backend so they could throttle traffic and prevent abuse from a place no one else can control. Perhaps they simply don’t know that’s a concern — they put a static API key for a service that costs money into a client side application. That seems unintentional, at least in regards to exposure to potential consequences.
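The backend-proxy pattern the comment above describes, as an added example that is not part of the thread or of any vendor's code: the paid map key lives only on the server, every client is throttled by a per-client token bucket before anything is forwarded, and only an allow-listed upstream surface is proxied. The class names, the `/geocode/` path and the `access_token` parameter name are assumptions, and the upstream call is a constructed stub so the code runs offline.

```python
"""Added example: server-side key holding plus per-client throttling.
Hypothetical names throughout; `fake_upstream` stands in for the real map API."""
import os
import time
from typing import Callable, Dict, Tuple


class TokenBucket:
    """Per-client throttle: refills `rate` tokens per second, bursts up to `capacity`."""
    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.updated = float(capacity), None  # updated lazily on first call

    def allow(self, now: float) -> bool:
        if self.updated is None:
            self.updated = now
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class MapProxy:
    """Clients authenticate to this service; the upstream key never leaves the server."""
    def __init__(self, upstream: Callable[[str, dict], Tuple[int, str]], api_key: str,
                 rate: float = 5.0, burst: int = 10):
        self._upstream = upstream        # in production: an HTTP client call to the map API
        self._api_key = api_key          # from env / secret store, never from the app bundle
        self._rate, self._burst = rate, burst
        self._buckets: Dict[str, TokenBucket] = {}

    def handle(self, client_id: str, path: str, now: float = None) -> Tuple[int, str]:
        now = time.monotonic() if now is None else now
        bucket = self._buckets.setdefault(client_id, TokenBucket(self._rate, self._burst))
        if not bucket.allow(now):            # abuse is stopped where the client cannot tamper
            return 429, "rate limited"
        if not path.startswith("/geocode/"):  # allow-list the upstream surface we expose
            return 404, "not found"
        return self._upstream(path, {"access_token": self._api_key})


def fake_upstream(path: str, params: dict) -> Tuple[int, str]:
    """Constructed stand-in for the map API; reports whether the key arrived server-side."""
    return 200, f"ok {path} key={'set' if params.get('access_token') else 'missing'}"


# Constructed demo instance: 1 request/second per client, burst of 2.
proxy = MapProxy(fake_upstream, os.environ.get("MAP_API_KEY", "placeholder-key"), rate=1.0, burst=2)
```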

Keeping creds safe is basic security practice, and we have the eternal September of programmers - which now applies to inexperienced people using AI to cobble together software. So there’s going to be a lot of these mistakes made and learned as they acclimate.
Noticing that comments like this are being consistently downvoted, yet there doesn't seem to be any sort of disagreement in the replies. Usually when people disagree online, they don't merely downvote, but also post their dissent.

Interesting that it's suddenly become so "controversial" to suggest circumspection with respect to this subject...

I didn't downvote, or notice such a pattern, but was this comment really insightful? It just said, programming newbs will make newb mistakes. Yes and? I mean it is self evidently true. So yes, you can say it and the wording was not really condescending, but quite often to me it is just bashing beginners to feel more powerful and smart as an experienced and studied programmer, compared to those amateurs.
> Keeping creds safe is basic security practice... So there’s going to be a lot of these mistakes made and learned as they acclimate.

This might not be insightful from your perspective, because you've thought about it before, but it needs to be said. Just like a NO DIVING sign in the shallow end, most people already know, but some people who don't know might not know if it isn't stated.

To stretch/extend/mangle your swimming metaphor - the AI tools now let people swim in the deep end before they've taken their water wings off. There's lessons that others would probably learn along the way by having to do a lot of searching and parsing of the basics that can be skipped over now.
I am not sure. Also before ChatGPT you could google and copy and paste some foreign code together you did not understand, even before stackoverflow. In fact, this is what I did as a beginner and I would think most did. You start to modify and play a bit with it and after a while you understand (something). Or you try until it somewhat works.

I don't see why ChatGPT changed that, I only tried it a little bit so far, but it doesn't usually give you a ready program, right? It gives you snippets that might work, or not, but in my case required understanding of the domain. So I could adapt the scripts to my need, but I doubt a beginner could. At least not for anything non trivial. Also those beginners can ask a million stupid questions to the AI that just patiently answers. So yes, those answers can be wrong, but that can happen in a forum as well and even in university occasionally I was taught some BS.

So yes, ChatGPT changes the game a bit, but not that drastically. If you want to become a professional programmer, you still have to get your hands dirty and grind away the basics. But you cannot skip certain things, or you never manage to get even a mid-sized project running performant and stable.

And if necessary, it would be probably trivial to weed out "programmers" that aren't really programmers by asking them some questions directly.

People who make iOS apps rarely are equally comfortable with creating backend apps, for understandable reasons.
It seems like static hardcoded API keys are a best practice with map APIs. I'm guessing because of the large number of requests in the critical path, proxying adds too much latency? But everyone does it.
Oh, that seems pretty bad.

Are you ok to name some map apps that are doing this, that you're aware of?

That'll let others dig into those apps, (hopefully) report the security issue, and (again hopefully) get the app makers instead using a better approach for their next releases.

For one, it's what you get following the documentation of the most popular product, Mapbox.
Ouch. So, they're even teaching people to do the wrong thing? That's not good at all. :(