As the title says + is this approach enough to protect the sensitive data?
Or should I store the sensitive data on a 3rd party service? How to deal with data protection?!
Asked
Active
Viewed 28 times
0
-
1The answer here depends on your server setup, and the sensitivity of the data. Nuclear launch codes? You'll probably want something more secure. – ceejayoz Apr 16 '23 at 02:45
-
So putting the sensitive data on an env file on the root of the project's folder not enough! – JSON Apr 16 '23 at 02:48
-
No, that's not an accurate summary of what I said. It *may* be enough; security here is partially on *you*. – ceejayoz Apr 16 '23 at 13:31
-
I got you, another question, is there any way to access the .env file on the client side? – JSON Apr 17 '23 at 03:30
-
Again, it depends. It's entirely possible for you to misconfigure things. I've seen folks point the webserver at the wrong folder, I've seen folks output the `.env` into the frontend HTML. You need to understand what you're doing, but that's not unique to `.env` files. – ceejayoz Apr 17 '23 at 14:28