DEV Community

Discussion on: Sorry, I hacked you.

t0nylombardi profile image
Anthony Lombardi Author

Hacking a server is a lot harder IMO. Putting API keys in environment variables on the server is the most practical idea. I feel It is a lot easier to do "man-in-the-middle" attack on a website to manipulate data.

You can filter access to your server to allow data coming in from a few points. Also logging in through ssh with RSA Keys make it almost impractical to break that password.