Comment by Colin Bate on "Vue vs. Svelte vs. React"

You mention that you need to keep your Fauna key safe, which I agree with. However, you then embed those keys into your app. Those keys will ship as part of your JS files.

Since the keys you created in this example are admin keys I'm guessing that would give someone full access to your data. You might be ok with some restricted read-only keys. Otherwise, you may want to move your data access to something like a serverless function.

The Vue CLI documentation specifically says not to store private or secret information in the .env files.

yup, I agree, revealing those keys can allow potential bad actors to access your data. A best practice would be to limit it to only read access then put them in an environment variable.

Yeah in continuity with the last comment, there's a reason the entire article takes place on localhost ;) the objective of this code is me to look at all three frameworks, this is not something intended to be deployed, nor is it structured as a "real" app beyond Hello World complexity would be

JTK That is fine, and I'm glad that you didn't deploy this. I had noticed that you didn't provide an online working version. But I wanted to mention it because you do encourage others to follow along (with boilerplate repos included) and if people do deploy what they created, they are putting their Fauna keys at risk.

Search Hashnode