Jul 8th, 2019
Hasty Treat - Front End Security
In this Hasty Treat, Scott and Wes talk about front-end security and what to do to avoid getting hacked.
Sentry - Sponsor
If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry and using the coupon code "tastytreat".
2:53 - SSL
- Encrypted transfer of information
- Digitally binds a cryptographic key to an organization's details
- Browser features such as webcam and geolocation access are only available over HTTPS
6:15 - innerHTML
- React's dangerouslySetInnerHTML
- Name intentionally chosen to be frightening
- Allows you to write HTML to the DOM
- Data should be sanitized before it is used in the prop
- Sanitizing removes unexpected content from the string
- Used to prevent cross-site scripting (XSS) attacks
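The simplest form of the sanitization step above is output encoding: any untrusted value that ends up inside an HTML string gets its markup characters escaped first. The block below is an added example, not code from the episode; the comment-card markup and the sample strings are constructed for illustration. When you genuinely need to allow a subset of HTML (bold, links), use a dedicated sanitizer library such as DOMPurify rather than escaping.

```javascript
// Added example (not from the Syntax episode): untrusted text is escaped before
// it is written into HTML, so it can never become markup.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace the five characters that can change HTML structure or break out of
// an attribute value with their entity equivalents.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Build the markup for a comment card from untrusted author and body text.
// The result is safe to hand to innerHTML / dangerouslySetInnerHTML because
// every untrusted value went through escapeHtml; only the template's own tags
// remain as tags. (Constructed layout, not from the episode.)
function commentMarkup(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Returns true when the untrusted text could not introduce any tag of its own:
// the rendered markup contains exactly the tags the template itself emits.
function untrustedTagsNeutralized(author, body) {
  const rendered = commentMarkup(author, body);
  const tagCount = (rendered.match(/<\/?[a-zA-Z]/g) || []).length;
  return tagCount === 4; // <div>, <b>, </b>, </div>
}

// Constructed sample input containing markup characters.
console.log(commentMarkup("Scott", '<b>bold</b> & "quotes"'));
```

In React, the equivalent is simply to render untrusted text as JSX children (`<b>{author}</b>`) and reserve `dangerouslySetInnerHTML` for markup that has already been through a sanitizer.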
10:25 - Don't trust the client
- The client can be manipulated to send any info to your server
- E-commerce example: don't take the price total from the front end to make the charge; look the prices up in the database and calculate the total on the server
- Validate form inputs with HTML5 field validation, and check data types again on the server
- Don't allow your users to send an object when it should just be a string
- You get this for free with GraphQL via its type system
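The e-commerce example and the type-checking tips above come together in a small server-side handler. The block below is an added example and not code from the episode; the SKU price list, the request bodies and the quantity limit are constructed sample data. It ignores any `total` the client sends, recomputes the amount from the server's own prices, and rejects values of the wrong type (including an object where a string belongs).

```javascript
// Added example (not from the Syntax episode): the server never trusts the
// client's total and validates every field's type before using it.

// Server-side source of truth for prices, in cents (constructed sample data).
const PRICE_LIST = {
  "sku-tee": 2500,
  "sku-mug": 1200,
};

// Validate one cart line from an untrusted request body.
// Returns an error string, or null when the line is acceptable.
function validateLine(line) {
  if (typeof line !== "object" || line === null || Array.isArray(line)) {
    return "line must be an object";
  }
  // An object such as { "$ne": null } in place of a string is rejected here.
  if (typeof line.sku !== "string") return "sku must be a string";
  // hasOwnProperty rather than `in`: "constructor" is inherited by every
  // plain object and must not resolve to a price.
  if (!Object.prototype.hasOwnProperty.call(PRICE_LIST, line.sku)) {
    return `unknown sku: ${line.sku}`;
  }
  // Quantity must be an actual integer, not "2" or 2.5 (constructed upper bound).
  if (!Number.isInteger(line.qty) || line.qty < 1 || line.qty > 100) {
    return "qty must be an integer between 1 and 100";
  }
  return null;
}

// Compute the amount to charge from the validated cart. Any other field in the
// body, in particular a client-supplied "total", is deliberately ignored.
function buildCharge(body) {
  if (typeof body !== "object" || body === null || !Array.isArray(body.items)) {
    return { ok: false, error: "items must be an array" };
  }
  if (body.items.length === 0) return { ok: false, error: "cart is empty" };
  let amountCents = 0;
  for (const line of body.items) {
    const err = validateLine(line);
    if (err) return { ok: false, error: err };
    amountCents += PRICE_LIST[line.sku] * line.qty;
  }
  return { ok: true, amountCents };
}

// Constructed request: the client claims a total of 1 cent; the server ignores it.
console.log(buildCharge({ items: [{ sku: "sku-tee", qty: 2 }], total: 1 }));
```

Wire `buildCharge` to the request body in whatever framework you use; the point is that the charge amount comes out of `PRICE_LIST` and `qty`, never out of the request.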
13:41 - PCI Compliance
- Protect card holder data
- SSL or a secure iframe hosted by the payment provider
- Encrypt transmission of card data
- Restrict access to card holder data
- Restrict physical access
- Front of front-end
16:44 - Tips
- Don't put a name on sensitive fields if you are using JS
- HttpOnly cookies
- Local Storage tokens
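The last two bullets contrast the two places a session token can live. A token in Local Storage is readable by any script running on the page, so a single XSS bug leaks it; a cookie marked `HttpOnly` is sent by the browser on each request but is invisible to `document.cookie`. The block below is an added example, not code from the episode: it builds a `Set-Cookie` header for a session token with the protective attributes and checks an outgoing header for them. The cookie name, token value and lifetime are constructed sample values.

```javascript
// Added example (not from the Syntax episode): a session cookie that page
// scripts cannot read, and a check that a header carries the right flags.

// RFC 6265 cookie-value characters: printable ASCII except control characters,
// space, double quote, comma, semicolon and backslash.
const COOKIE_VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// RFC 6265 cookie-name (HTTP token) characters.
const COOKIE_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Build the Set-Cookie header value for a session token.
//   HttpOnly  - not exposed through document.cookie, so XSS cannot read it
//   Secure    - only sent over HTTPS
//   SameSite  - not attached to cross-site requests (Lax or Strict)
function sessionCookie(name, value, { maxAgeSeconds = 3600, sameSite = "Lax" } = {}) {
  if (!COOKIE_NAME_RE.test(name)) throw new Error("invalid cookie name");
  if (!COOKIE_VALUE_RE.test(value)) throw new Error("invalid cookie value");
  if (!["Lax", "Strict"].includes(sameSite)) throw new Error("sameSite must be Lax or Strict");
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds <= 0) throw new Error("invalid max age");
  return [
    `${name}=${value}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly",
    "Secure",
    `SameSite=${sameSite}`,
  ].join("; ");
}

// Inspect a Set-Cookie header value and report whether it carries all three
// protective attributes; attribute names are matched case-insensitively.
function hasSessionProtections(header) {
  const attrs = header.split(";").map((a) => a.trim().toLowerCase());
  return (
    attrs.includes("httponly") &&
    attrs.includes("secure") &&
    attrs.some((a) => a === "samesite=lax" || a === "samesite=strict")
  );
}

// Constructed sample token; a real one would be a random value from the server.
console.log(sessionCookie("sid", "c0nstructedSampleToken", { maxAgeSeconds: 600 }));
```

With an Express-style framework the same attributes map onto `res.cookie(name, value, { httpOnly: true, secure: true, sameSite: "lax", maxAge })`; `hasSessionProtections` is the kind of check you can run in a test against the headers your server actually emits.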