tmarois/Filebase

Question: Security Implementation and Good Practices

devouk opened this issue · 1 comments

Hi, I am a bit of a newbie looking to learn/create a small app where a flat-file/Filebase sounds like a great solution for a simple user store (no payment details), but with login and a simple order system.

Could you just write a reply/readme info about best security practices and potential risks/pitfalls, and the good practices you should be applying within your code and at server-level permissions to stop anyone scrupulous trying to read/alter the data?

Really like what you have achieved and look forward to really getting to grips with your work. Thank you so much.
Regards
Devo

Hey @devouk

Look at it like any file or DB on your server. You want to be sure the files in the flat-file DB are not publicly accessible. With a setup like Laravel, you could keep your flat-file DB in the storage folder, where only you and the server can access those files; I would not place them in the public directory.

One thing to keep in mind with all flat-file DBs: if multiple edits of a single file happen at the same time, you can lose work. For example, two instances of a file get opened, one gets edited, then the other; the second one would override any changes the first made, because both loaded the same content. Usually that's not a huge deal, but it depends on the project you're working on.

The readme should have enough details for you to get started. Feedback is always welcome!
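An added example in plain PHP (not Filebase's own code) of the lost-update problem the reply describes: a naive read-modify-write beside one guarded with `flock()`, writing to a record file under an assumed `storage/` directory outside the web root.

```php
<?php
// Added example, not part of Filebase: the lost-update race on a flat-file
// record, and a read-modify-write guarded with an exclusive advisory lock.
// The storage path is an assumption; keep it outside the public directory.

// Naive read-modify-write: two concurrent requests both read the same
// content, so the second write silently discards the first one's change.
function naiveIncrement(string $path, string $key): void
{
    $data = json_decode((string) file_get_contents($path), true) ?: [];
    $data[$key] = ($data[$key] ?? 0) + 1;
    file_put_contents($path, json_encode($data));
}

// Locked read-modify-write: flock(LOCK_EX) serialises writers on the same
// file, so each update starts from the previous update's result.
function lockedUpdate(string $path, callable $mutate): array
{
    $fh = fopen($path, 'c+');           // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        if (!flock($fh, LOCK_EX)) {      // block until we hold the lock
            throw new RuntimeException("cannot lock $path");
        }
        $raw  = stream_get_contents($fh);
        $data = $raw === '' ? [] : (json_decode($raw, true) ?? []);
        $data = $mutate($data);          // apply the change under the lock
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, json_encode($data, JSON_THROW_ON_ERROR));
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
    return $data;
}

// Usage: constructed record file, directory created owner-only (0700).
$path = __DIR__ . '/storage/orders/counter.json';
@mkdir(dirname($path), 0700, true);
$result = lockedUpdate($path, function (array $d): array {
    $d['orders'] = ($d['orders'] ?? 0) + 1;
    return $d;
});
echo $result['orders'], PHP_EOL;
```

Running two copies of `naiveIncrement()` concurrently can end with the counter advanced once; the locked version advances it twice because the second writer waits for the first and re-reads the file.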