@chris.raroque: by far the biggest misconception though… Is that people assume their app code is private 😬 You basically have to assume that anybody can take your app, decompile it, and view the code Same goes with web apps. If you store any environment variables or credentials, it's pretty easy for someone to find them If you make any calls directly from the front end, you also have to assume someone can find those and deconstruct them The number one mistake I'm seeing is people making API calls from the front end and passing in sensitive environment variables in there. Like API keys for AI providers, for example 🙅♂️ This is also a big reason why people have a problem with providers like Supabase and Firebase. They make extremely sensitive calls from the front end directly to the database and the only protection layer is real level security or Firebase security rules One slight misconfiguration could leave you completely exposed and anybody who figures out your endpoints can start manipulating and viewing sensitive data The best thing you can do is to move all sensitive calls and ideally even all database reads to a backend service that they can't snoop around #softwaredeveloper #coding #appdesign
Like seriously.. Do people need these to be told to them?
2026-03-07 08:48:01
35
ewazdomu :
I don’t believe someone is letting frontend call AI directly 💀
2026-03-08 18:26:38
13
isaacbuilds :
Thanks for this. Gotta make sure security is locked in
2026-04-05 08:48:35
0
Chris Raroque :
I say this as someone who has made every mistake I'm talking about at some point 🥲🥲🥲 also in the caption I listed the number one mistake I'm seeing people make and how to combat it, will do a proper long form video in the future about this!
2026-03-06 19:49:22
6
zuckeelands :
Thank you so much… I implemented all of these on my app, and I feel so much more protected.
2026-05-12 00:25:47
0
khoa_solo :
Good tips bro
2026-05-04 15:30:08
0
Nico | Founder :
I think this doesn’t find me by accident?😅
2026-05-20 14:18:55
1
Edge Media/Web Design :
how do you feel a out base44?
im building my first app and it copies my designs from figma SOOO well, minimal if any changes
wondering if i should build the frontend, and then export the code and use claude code to build the more complicated logic? not sure
2026-03-08 06:33:14
1
jcgleez :
The first issue is solved with couldflare right?
2026-03-21 01:16:32
1
Charity Darko :
Definitely worth mentioning
2026-03-07 05:13:48
5
Bdizzy :
Real advice
2026-04-20 04:25:04
0
Denovo AI :
These are good tips!!
2026-04-07 17:04:15
0
Martin Hansen :
Are you making sure to check the ai_enabled flag on every message sent to the AI though? I could easily see this only being checked on mount, which effectively means the killswitch wouldn’t work until they refreshed the page
2026-03-07 07:28:14
0
carobuilds :
Omg! I needed this! Saved for the future ❤️Thanks for sharing
2026-03-06 19:57:58
0
kaps :
I like 💘
2026-05-01 12:09:39
0
Jules Polywork Career Platform :
This is excellent 👏👏👏
2026-04-22 11:07:57
0
George Abi: Tech|Data|Career :
Thank you!!
2026-04-23 22:49:54
0
kaps :
pp
2026-05-01 12:09:42
0
buildappswithjace :
100% agree but you also shouldn’t have a insane budget setup in your AI credit account or have it so it automatically tops up
2026-06-03 21:11:53
0
johnnylowe :
These tips are really helpful man, thanks 🙏
2026-03-09 22:38:51
0
Vic | AI/Saas/Apps :
This is so handy thanks!!!
2026-05-25 13:33:51
0
willpursell_dev :
I feel personally attacked by rule #2 🥲
2026-03-21 22:35:04
0
Lakshya Oberoi :
Thanks for sharing!
2026-03-17 09:38:25
0
Liv Authentic Brand :
Thanks for sharing!
2026-03-16 18:50:49
0
Ayoub Elo :
Love your content bro. That RLS reminder was great 🙂↕️
2026-03-06 20:01:41
0
To see more videos from user @chris.raroque, please go to the Tikwm
homepage.