Collaborate Disseminate
Is it okay to upload .env files containing client ID and client secret to elastic beanstalk? If not, what is the risk involved? How would one access those files?
I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?
Let’s say there is a webapp where users can upload files with sensitive data and view analytics generated by the backend. Does using a reverse proxy like nginx or Apache actually help with the security of the website? I have seen this clai… Continue reading Does using Apache/nginx actually improve security of a webapp?
I see why it is obviously bad to store a secret key and client ID in the source code for a web application. However, how do you go about the alternative? Surely, that information has to be stored somewhere. Is it stored in a local text fil… Continue reading What does it mean to store secret keys as an "environment variable" as opposed to hardcoded in the source code?
I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?
Continue reading How do I create a site with secure user data upload on AWS? [closed]