What are the best practices for deploying a backend safely for my project?

Asked By TechieDuck123 On

I've been developing full-stack apps and I often face the challenge of backend deployment. Currently, I'm working on a Chrome extension that relies on a Flask backend, which is necessary because the library it uses isn't available in JavaScript. I learned that deploying the backend is essential for production, but I'm hesitant since any publicly accessible URL can be hit by anyone outside the extension. While I don't have sensitive data at stake right now, it raises concerns for the future. Ideally, I want to restrict access to the backend solely through the extension and not make it a separate access point. I'm curious about how others are managing backend APIs securely. What approaches are recommended, and how do companies protect their backends?

5 Answers

Answered By SecuritySage On

It's nearly impossible to ensure your backend can only be accessed by the extension. Creating a user authentication system is key; every request should be tied to a user account. Additionally, consider applying IP whitelisting to block traffic from major cloud providers, which can often host bots.

Answered By WebWizKid88 On

You mentioned needing the backend due to the library being unavailable in JavaScript, but be cautious. If your Chrome extension transmits browser data to the backend, you should ensure compliance with privacy standards.

Answered By CodingCat98 On

To secure your backend, think about implementing rate limiting and possibly obscuring the service by hosting it on unusual ports. While you can’t make it completely secure from extension requests, every request should be authenticated to minimize spam.

Answered By DevGuru99 On

Most companies deploy their services within a private network or VPN, keeping them inaccessible from the internet. If you have a public API, secure it with proper authentication and authorization methods.

Answered By BackendNinja On

In my experience, protecting the backend usually involves a combination of authentication and authorization. Even if someone has the URL, they won't get past a 401 error without proper credentials. Consider exploring JWT or session tokens for your setup.
