example-store-stripe icon indicating copy to clipboard operation
example-store-stripe copied to clipboard

Published 20 hours ago verified publisher icon redwoodjs

Secure Cart

Open chrisvdm opened this issue 3 years ago • 2 comments

Cart works but needs to be managed on the backend to avoid security risks

chrisvdm avatar Feb 21 '22 07:02 chrisvdm

@jtoar dunno if writing to a temp file would work?

chrisvdm avatar Feb 21 '22 09:02 chrisvdm

As I tried to explain in my yesterday's article Redwood-Stripe integration - currently unresolved issues, Stripe components have the strongest security already implemented, meaning the cart (a Stripe component) is most secure part of the Sample Store app.

Our sample store app, needs to be secure as well - as described in https://redwoodjs.com/docs/security document. As redwood security recommendation strongly suggest using the Doppler service instead of environment variables I will rework the current use of .env into the Doppler environment.

adriatic avatar Jun 14 '22 21:06 adriatic