hapi-react-starter-kit

Leaking sensitive information?

Open benderunit opened this issue 9 years ago • 3 comments

Is this http://hapi-reactstarterkit.rhcloud.com/ an example for running this starter kit in a production environment? If it is, I think it's leaking sensitive information through the running webpack server. It serves information like the iron secret through the config.js file.

benderunit avatar Mar 03 '16 18:03 benderunit

@benderunit Yes indeed. What do you suggest? Perhaps having the secret key as an environment variable?

Dindaleon avatar Mar 04 '16 05:03 Dindaleon

Does it exhibit the same problem when running as prod?

nym avatar Jun 02 '16 21:06 nym

No, it does not, @nym. You can run it

SECRET="YOUR_SECRET_KEY" node server.js

with key set to your environment. This is how it is done to protect code from committing sensitive information into repositories.

FullStackForger avatar Oct 20 '16 16:10 FullStackForger
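
The environment-variable approach from this thread, as an added example that is not code from the repository or from any commenter: the secret is read only on the server, the browser gets an allowlisted copy of the config, and a build-time check flags any served text that contains the secret. The function names and the `APP_NAME` / `API_BASE` variables are hypothetical; only `SECRET` appears in the thread.

```javascript
'use strict';
// Added example. loadServerConfig, publicConfig, findLeakedSecrets, APP_NAME and
// API_BASE are hypothetical names; only the SECRET variable comes from the thread.

const MIN_SECRET_LENGTH = 32; // iron's default minimum password length
const PUBLIC_KEYS = ['appName', 'apiBase']; // the only keys the browser may see
const SECRET_KEYS = ['secret'];             // values that must never be served

// Server-side only: read the secret from the environment and fail closed.
function loadServerConfig(env) {
  const secret = env.SECRET;
  if (typeof secret !== 'string' || secret.length < MIN_SECRET_LENGTH) {
    throw new Error('SECRET must be set to at least ' + MIN_SECRET_LENGTH + ' characters');
  }
  return {
    appName: env.APP_NAME || 'starter-kit',
    apiBase: env.API_BASE || '/api',
    secret,
  };
}

// Allowlist copy: this object is what client-side code is allowed to import.
function publicConfig(serverConfig) {
  const out = {};
  for (const key of PUBLIC_KEYS) out[key] = serverConfig[key];
  return Object.freeze(out);
}

// Build-time check: names of secret keys whose value appears in text that will
// be served to browsers (a bundle, or an inlined config blob).
function findLeakedSecrets(servedText, serverConfig) {
  return SECRET_KEYS.filter((key) => servedText.includes(serverConfig[key]));
}

// Constructed sample input, not taken from the project.
const sampleEnv = { SECRET: 'x'.repeat(16) + '0123456789abcdef', APP_NAME: 'demo' };
const cfg = loadServerConfig(sampleEnv);
const safeBundle = 'window.__CONFIG__=' + JSON.stringify(publicConfig(cfg));
const leakyBundle = 'window.__CONFIG__=' + JSON.stringify(cfg); // whole config served

console.log('safe bundle leaks:', findLeakedSecrets(safeBundle, cfg));
console.log('leaky bundle leaks:', findLeakedSecrets(leakyBundle, cfg));
```

In a real server, `loadServerConfig(process.env)` would run once at startup, and the leak check would run over the built client assets before deployment.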