by MeetingsBrowser 15 days ago
I think we may be talking past each other at this point, but secrets from a dev env can be more valuable than secrets from a production env.

With things necessary for a dev env, like read/write access to source control, attackers can get access to internal data, and push malicious code that gets run in a prod env anyway.

If you want to make the claim that using React is an insane, indefensible choice from a security standpoint, you are being idealistic at best.

Telling people not to use React does not help anyone, and that type of recommendation causes reputational damage to the security industry.

We are clearly talking about different things.

Access to source control is required on a developer workstation.

It is not required inside an application environment on that workstation (e.g. a VM or other such system that both provides a standard environment and creates separation).

I'm not making any claims about the security of React.