DEV Community


Discussion on: Risk of making a website open source.

creekorful profile image
Aloïs Micard

Generally speaking, you shouldn't be afraid of disclosing the source code of your website to others developer. While you may disclose vulnerabilities, others developer may find them and help them fixing it. I think that for a 'small' website, going open source is the way, the exploit that hackers may find will be by pentesting / fuzzing your application, not by going trough the source code, don't worry about that.

What you want to do is use state-of-the-art security practices, such as stateless JWT token if your application is un-coupled (frontend, API). Just make sure to pick a strong & secure JWT implementation and not a random one that may contains exploit. Cryptography is really a big field and you should pick implementation made by experts.

Other than that, read some books / blog post about security, or ask questions, people are generally nice, and you'll learn a lot.

TL;DR: don't be afraid of making your website open source, pick the best / secure cryptography library out there and ask questions when you're stuck. Security through obscurity is certainly not the way to go.

And share your website with us when you're done :)

ats1999 profile image
Rahul kumar Author

Thanks, for your precious time.

I agree this out by going through the source code, don't worry about that.
I'll share my website once it's done.