As someone who scrapes vulnerable sites for a living, and coming from a non-technical background myself, I feel like this advice isn't super helpful. For all the vibe coders, here is a simpler list: > Just use firebase or supabase for auth > Have protected... See more

if you want your saas to go far... and you aren't going to want to hear this... you need to... setup rate limits on all api and auth endpoints, use a WAF, enable RLS, keep your env variables locked at the bottom of the sea, and most importantly... KEEP GOING!