Comments (4)
This is part of the clientside bundle and therefore cannot be hidden from the client. React is responsible for this behavior. The client ID is ok to be seen in the public. You have to keep the SECRET_KEY secret. This is usually used on the server side. In this case inside the "main.js" process it will be hidden.
// main.js
const GOOGLE_SECRET = process.env.GOOGLE_SECRET
from electron-react-boilerplate.
This is part of the clientside bundle and therefore cannot be hidden from the client. React is responsible for this behavior. The client ID is ok to be seen in the public. You have to keep the SECRET_KEY secret. This is usually used on the server side. In this case inside the "main.js" process it will be hidden.
// main.js const GOOGLE_SECRET = process.env.GOOGLE_SECRET
Hi @sanneh2 ,
But in main.js also env variables visibling directly. I don't know how to hide the env variables from .env file in production application.
Please look below images of production main.js, i have marked encryptedkey field which have value from .env file
from electron-react-boilerplate.
This is a security question.
The best and most reliable thing is authentication and servers. So for example, if your users are logging in to your app, you could share secrets over a secure connection,
Unpackaging will always expose the entire code to the hacker. You can obfuscate it, encrypt it, or compile it with v8 bytecode which I heard works great.
But security with an external server will always be the safest bet, because you can move the secrets and confidential information to a remote location outside of your app.
from electron-react-boilerplate.
Hey @Thesiva7
What @sanneh2 said on security is correct, you shouldn't keep secrets on the client. electron-store also advises that encryptionKey
is not intended for security purposes, only obfuscation.
I'm not sure what your what your app's codebase looks like, but maybe Google's OAuth javascript
or server docs might help
from electron-react-boilerplate.
Related Issues (20)
- Unable to build installers using electron-builder, how to resolve this?
- How to solve this problem with postinstall$ node install.js
- dll renderer webpack error on tiptap npm install HOT 1
- Can't import child_process
- Removing unnecessary electron languages
- how do i add encryption to my saved file with electron-store
- Issue in package of boilorplate
- Build Electron-React-Boilerplate With Tailwindcss
- Relaunch Electron App HOT 2
- Code signing issue
- How to debug in VS code? HOT 3
- Cli Truncate Package Missing
- An unhandled rejection has occurred inside Forge: TypeError: Cannot read properties of undefined (reading 'split') HOT 1
- request HOT 3
- React Router NavLink not working HOT 1
- How can I use getMac, address or any other Node Module?
- Passing command-line arguments to electron HOT 1
- I want to bundle Selenium but WebPack can't find it(?)
- I can not use javascript files by alias reference in the boilerplate project
- What should the expected win-unpacked size be? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from electron-react-boilerplate.