flutter_dotenv icon indicating copy to clipboard operation
flutter_dotenv copied to clipboard

Published 20 hours ago verified publisher icon java-james

Security issue in release mode

Open muhammadkamel opened this issue 1 year ago • 3 comments

The ".env" file remains in the "flutter_assets" folder in the release after converting the APK file to a ZIP file and extracting it.

Screenshot 2023-06-17 at 7 45 32 PM

muhammadkamel avatar Jun 17 '23 16:06 muhammadkamel

Hey @muhammadkamel thanks for the issue. Please see my explanation on https://github.com/java-james/flutter_dotenv/issues/51#issuecomment-1040908470

This package is for managing front-end variables and is not intended for sensitive secrets.

java-james avatar Jun 29 '23 23:06 java-james

@java-james , some way to put this as a big warning in the docs? I'm seeing a few open issues with developers who don't understand the difference between env and secrets.

kevtechi avatar Aug 23 '23 07:08 kevtechi

@kev-techi Yep agree some learning info at the top of the readme should help developers understand and responsibly use this package

java-james avatar Nov 17 '23 01:11 java-james