by lbarrow
4480 days ago
Security is definitely hard, but security challenges are often proportional to your apps' surface area. If you just have a simple token-based API, your language probably has libraries that can get you started with a reasonably designed security story. It's the same with passwords: at this point, you shouldn't be rolling your own password management system unless you have very specific needs. For this reason, I don't think "I made it for fun" or "I made it over a weekend" is a good excuse for such broken security. For tiny new apps, it's easier to use a library that does it correctly than it is to roll your own.