flutter_dotenv icon indicating copy to clipboard operation
flutter_dotenv copied to clipboard
verified publisher icon java-james

Inquiries about security issues

Open iCodePoet opened this issue 3 years ago • 2 comments

I happened to read the blog post.

https://systemweakness.com/why-not-to-use-dotenv-on-flutter-5d3a07abc971

According to this article, the .env file appears to be readable. I'm storing key security information here. Is there a security problem depending on the blog post? I wonder if it's reliable or if there's a security problem, how can you secure it?

iCodePoet avatar Sep 29 '22 01:09 iCodePoet

Thanks for raising the concern. Please see https://github.com/java-james/flutter_dotenv/issues/51#issuecomment-1040908470 for a related discussion on this. In short, you shouldn't use .env on the client side to store sensitive data. Please get back to me if we are missing a point here, especially if you have something in mind we may have not thought of yet.

java-james avatar Oct 02 '22 20:10 java-james

Thank you for your comment.

Is there an alternative to how sensitive data is managed?

I would appreciate it if other people could suggest a good idea.

iCodePoet avatar Oct 05 '22 02:10 iCodePoet