
If you don’t want to get hacked, use these steps... These will protect you against 99% of attacks. #vibecoding #apikeys #ratelimiting #cybersecurity #promptinjection

@district_chronicles
32.9K views · 2.8K likes · 1:07 · EN · Jun 9, 2026

Transcript

My app has over 16,000 users. Here's how to not get hacked when vibe coding.

Number one is your database being open by default. Supabase has row-level security turned off by default, meaning any logged-in user can query any other user's data with a basic API call. To prevent this, go to your Supabase dashboard, open every table and enable RLS before you go live.

Number two is uploading your .env file to GitHub. Using environment variables is not enough if you push your .env file to a public repo. To make sure you don't get hacked, add your .env to your .gitignore before your first commit. If you've already pushed it, rotate every key in that file immediately.

Number three is no rate limiting on your AI endpoints. If your app has any AI features and someone hits your backend 10,000 times, you will have to pay that bill. This can cost you thousands of dollars in charges. Tell your AI agent to add rate limiting to any endpoint that touches OpenAI, Anthropic or any other paid API.

Number four is prompt injection. If your app passes user inputs directly to an AI model, attackers can type instructions designed to override your system prompt. To make sure this never happens, tell your AI agent to always wrap user inputs in clear delimiters and never allow user content to reach the system prompt position.

If you need help building or securing your app, go to help me build an app.com to use the same guy that I did.
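Tip three from the transcript (rate limiting endpoints that call a paid AI API), shown as an added example that is not from the video: a per-user token bucket checked before the paid call is made. The names `createLimiter`, `handleAiRequest` and `callModel`, and the request shape, are assumptions made for illustration.

```javascript
// Added example: per-user token bucket guarding a paid AI endpoint.
// createLimiter, handleAiRequest and callModel are hypothetical names.
function createLimiter({ capacity, refillPerSec, now = () => Date.now() }) {
  const buckets = new Map(); // userId -> { tokens, last }

  return function take(userId) {
    const t = now();
    const b = buckets.get(userId) ?? { tokens: capacity, last: t };
    // Refill in proportion to elapsed time, never above capacity.
    const elapsedSec = Math.max(0, (t - b.last) / 1000);
    b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSec);
    b.last = t;
    buckets.set(userId, b);
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true, retryAfterSec: 0 };
    }
    // Tell the client how long until one full token is available again.
    const retryAfterSec = Math.ceil((1 - b.tokens) / refillPerSec);
    return { allowed: false, retryAfterSec };
  };
}

// Check identity and the limiter BEFORE spending money on the model call.
async function handleAiRequest(req, take, callModel) {
  // Key on the authenticated user, not on a client-supplied value.
  if (!req.userId) return { status: 401, body: "login required" };
  const verdict = take(req.userId);
  if (!verdict.allowed) {
    return {
      status: 429,
      headers: { "Retry-After": String(verdict.retryAfterSec) },
      body: "rate limit exceeded",
    };
  }
  return { status: 200, body: await callModel(req.prompt) };
}
```

The bucket map lives in one process's memory, so a serverless or multi-instance deployment needs the counters in a shared store for the limit to hold across instances.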