flutter_dotenv icon indicating copy to clipboard operation
flutter_dotenv copied to clipboard
verified publisher icon java-james

Update Readme

Open 2shrestha22 opened this issue 1 year ago • 1 comments

Some users may ignore the warning message because they already get false sense of security. It would be nice if you add how .env file being handled and it is not same as .env we use in server side application. Everyone may not know how assets works. There are couple of issue regarding .env file being visible.

I think all these problem will be sorted by adding a noticeable warning stating that. .env file is added as an asset and it will be shipped with the app and anyone can see it easily by extracting the apk.

2shrestha22 avatar Oct 31 '24 01:10 2shrestha22

Hey @2shrestha22 thanks for raising the concern. I think it's very important that the message is clear that environment variables on the client side are not secure.

Is there anything additional you think is important that we add to the security considerations section that has been appended to the readme? https://pub.dev/packages/flutter_dotenv#security-considerations

If nothing additional, I will close this issue. Otherwise, awaiting your feedback.

java-james avatar Aug 19 '25 22:08 java-james