Is there a risk of possible data leak?

This is out of my wheelhouse but I’ve been told that this code might be risky (possible data leak)?

Can anyone comment on whether this is an issue or not?

Thanks in advance!

The code provided does not exhibit any inherent security vulnerabilities; however, it is crucial to consider the security of the API endpoint to which the code is making a GET request.

It is essential to ensure that the API endpoint is secured and that the data returned from the API is properly sanitized before being passed to the init_data function.

Additionally, the context in which the code is being utilized must also be taken into account. For instance, if the code is implemented on a public-facing website, it is imperative to implement proper authentication and authorization mechanisms for the API endpoint.

Furthermore, the API endpoint should not expose any sensitive data that should not be accessible to the client side. To ensure the security of the API endpoint, it is recommended to review the API documentation and any relevant security guidelines prior to utilizing it in a production environment.

Cheers!

Thanks for your reply @newhorizoncode.

What do you mean by “sanitized”?

I’m only using Bubble’s own endpoints with the appropriate privacy rules set for users.

Sanitized in this context means that any data returned from the API endpoint should be thoroughly checked and cleaned of any potentially harmful or unwanted content before it is passed to the init_data function. This is important to prevent any malicious data from being processed by the code and potentially causing security issues.

Though saying that, I’m fairly sure Bubble handles sanitization automatically. By using Bubble’s own endpoints and setting the appropriate privacy rules for users, you should ensure that any data returned is safe to use.

1 Like
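
To make "sanitized" concrete, here is an added example that is not part of any post in this thread and is not Bubble's code: an allowlist check run on a parsed API response before it is handed to `init_data`. The record shape, `SCHEMA`, `sanitizeRecord`, `sanitizeResponse`, and the `init_data` stand-in are all assumptions, since the original code is not shown.

```javascript
// Assumed record shape; init_data's real input is not shown in the thread.
const SCHEMA = {
  id: { type: "string", max: 64 },
  name: { type: "string", max: 100 },
  score: { type: "number" },
};

// Strip ASCII control characters and cap the length. HTML escaping is left
// to the code that renders the value, since it depends on the output context.
function cleanString(value, max) {
  return value.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, max);
}

// Return a new object holding only the schema's fields, or null when a field
// is missing or has the wrong type. Fields not in the schema are never copied.
function sanitizeRecord(raw, schema = SCHEMA) {
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) return null;
  const out = {};
  for (const [key, rule] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(raw, key)) return null;
    const value = raw[key];
    if (typeof value !== rule.type) return null;
    if (rule.type === "number" && !Number.isFinite(value)) return null;
    out[key] = rule.type === "string" ? cleanString(value, rule.max) : value;
  }
  return out;
}

// Sanitize a parsed JSON response body that is expected to be an array.
function sanitizeResponse(body) {
  if (!Array.isArray(body)) return [];
  return body.map((r) => sanitizeRecord(r)).filter((r) => r !== null);
}

// Constructed sample response, not real data.
const SAMPLE = [
  { id: "u1", name: "Ada\u0000", score: 7, email: "ada@example.test" },
  { id: "u2", name: "Bob", score: "9" },
  { id: "u3", name: "x".repeat(300), score: 1 },
];

// Hypothetical stand-in for the init_data function mentioned in the thread.
function init_data(records) {
  return records.length;
}

console.log(init_data(sanitizeResponse(SAMPLE))); // 2 records pass
```

The first sample record loses its unexpected `email` field and the embedded NUL character, the second is rejected for a wrong-typed `score`, and the third has its `name` truncated to 100 characters.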

This topic was automatically closed after 70 days. New replies are no longer allowed.