Solo Project Day Four: Too Big for my Britches

Today was a tough day actually. I started to get hung up on some bigger issues than I need to worry about at this stage. Contemplating user security is new to me, and something that I began to worry a lot about. When a user logs into my app using Firebase, my app gets sent that user’s key and their secret. These are essentially their username and password, but they are specific to my app, and require my app’s key and secret as well to be used in any way. This means that even if someone were to steal a user’s key and secret, they wouldn’t be able to do anything with them unless they had also stolen my app’s key and secret.

So this provides a good level of security, but my question was whether or not it’s good practice to store the user’s key and secret on my server. It seems like it would be secure enough, but secure enough doesn’t really seem like good practice these days. For now, I’m going to not store the key and secret anywhere, and only hold them while the user is currently using the app. I plan to do more research on it later.
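Why a user's key and secret depend on the app's pair, shown as an added example (not code from this post, Firebase, Twitter or twit): it assumes the credentials are OAuth 1.0a tokens signed with HMAC-SHA1 as in RFC 5849, where the signing key is the app secret joined to the user secret. The URL, keys, secrets and function names are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// RFC 3986 percent-encoding (encodeURIComponent leaves !*'() unescaped).
const pct = s => encodeURIComponent(s).replace(/[!*'()]/g,
  c => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [pct(k), pct(v)]);
  pairs.sort((a, b) => (a[0] === b[0] ? (a[1] < b[1] ? -1 : 1) : (a[0] < b[0] ? -1 : 1)));
  const normalized = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), pct(url), pct(normalized)].join('&');
}

// The HMAC key is "<app secret>&<user secret>": both halves are required.
function sign(req, appSecret, userSecret) {
  const key = `${pct(appSecret)}&${pct(userSecret)}`;
  return createHmac('sha1', key)
    .update(baseString(req.method, req.url, req.params))
    .digest('base64');
}

// What the API side does: recompute with both secrets, compare in constant time.
function verify(req, signature, appSecret, userSecret) {
  const expected = Buffer.from(sign(req, appSecret, userSecret));
  const given = Buffer.from(signature);
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// Constructed request; a real app would load its own pair from the environment.
const request = {
  method: 'GET',
  url: 'https://api.example.test/1.1/statuses/home_timeline.json',
  params: {
    oauth_consumer_key: 'APP_KEY_PLACEHOLDER',
    oauth_token: 'USER_KEY_PLACEHOLDER',
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: '1400000000',
    oauth_nonce: 'constructed-nonce',
    oauth_version: '1.0',
    count: '5',
  },
};

const good = sign(request, 'app-secret', 'user-secret');
const userSecretOnly = sign(request, 'guessed-app-secret', 'user-secret');
console.log(verify(request, good, 'app-secret', 'user-secret'));           // signed with both secrets
console.log(verify(request, userSecretOnly, 'app-secret', 'user-secret')); // app secret was guessed
```

The same construction means a leak of the app's secret turns every stored user secret into a usable credential, which is the case for keeping user secrets only in memory for the session.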

Things Done

  • Implemented dotenv for environment specific variables.
  • Tried out unirest for API requests.
  • After fussing with Twitter’s API for longer than I probably should have, I eventually ditched the manual API call route using unirest, and decided to use a library. I landed on twit as the best option.

Today’s Research
