Secrets Exposure
- Vulnerable
- Solution 1
- Solution 2 - API code:
pages/api/example-5-secrets-exposure/solution-2.ts
The following API key should not be any value other than "undefined" in the frontend regardless of which user tries to access the page:
process.env.API_KEY: "12345678901234"
Show API results fetched using the process.env.API_KEY variable
null
The following users should not contain the "passwordHash" property, regardless of which user tries to access the page:
[ { "id": 1, "username": "alice", "passwordHash": "$2b$12$rip3gbockwavRttTaMZa.u5JKY1542MOLBI7YGkRXaj83rtocfl3a" }, { "id": 2, "username": "bob", "passwordHash": "$2b$12$0N14zwm7.gFNB9UriJpo9eHqCBSezv1zdvbLL7ql79KYJM50fvo6q" } ]