[{"data":1,"prerenderedAt":290},["ShallowReactive",2],{"blog-category-how-to":3},[4,10,14,18,22,27,31,35,40,44,48,52,57,61,65,69,73,78,82,86,90,95,99,104,108,112,116,120,124,128,132,137,141,145,149,153,158,163,167,171,176,180,184,188,193,197,201,205,210,214,218,222,227,231,235,239,243,248,252,256,260,265,269,273,277,282,286],{"path":5,"title":6,"description":7,"date":8,"readTime":9},"/blog/how-to/supabase-rls-policies","How to Write Supabase RLS Policies","Learn to write effective Row Level Security policies in Supabase. Real examples for profiles, posts, teams, and multi-tenant apps with step-by-step explanations.","2026-01-28",null,{"path":11,"title":12,"description":13,"date":8,"readTime":9},"/blog/how-to/vault-basics","How to Use HashiCorp Vault for Secrets Management","Step-by-step guide to setting up HashiCorp Vault for secrets management. Store, access, and rotate secrets securely in your applications.",{"path":15,"title":16,"description":17,"date":8,"readTime":9},"/blog/how-to/vercel-headers","How to Configure Security Headers on Vercel","Step-by-step guide to adding security headers on Vercel. Configure via vercel.json, Next.js middleware, and edge functions. Includes CSP, HSTS, and all essential headers.",{"path":19,"title":20,"description":21,"date":8,"readTime":9},"/blog/how-to/zod-validation","How to Validate Input with Zod","Step-by-step guide to input validation with Zod. Schema definition, API validation, form validation with React Hook Form, custom validators, and error handling.",{"path":23,"title":24,"description":25,"date":26,"readTime":9},"/blog/how-to/test-supabase-rls","How to Test Supabase RLS Policies","Verify your Row Level Security policies work correctly. Learn SQL testing methods, browser testing, and automated testing strategies for Supabase RLS.","2026-01-27",{"path":28,"title":29,"description":30,"date":26,"readTime":9},"/blog/how-to/validate-user-input","How to Validate User Input Securely","Step-by-step guide to validating user input. Zod schemas, server-side validation, common validation patterns, and why client-side validation isn't enough.",{"path":32,"title":33,"description":34,"date":26,"readTime":9},"/blog/how-to/vercel-env-vars","How to Set Up Vercel Environment Variables","Complete guide to configuring environment variables in Vercel. Set up secrets for production, preview, and development environments with proper security.",{"path":36,"title":37,"description":38,"date":39,"readTime":9},"/blog/how-to/rate-limiting-auth","How to Implement Rate Limiting for Authentication","Step-by-step guide to rate limiting authentication endpoints. Prevent brute force attacks, credential stuffing, and account enumeration.","2026-01-26",{"path":41,"title":42,"description":43,"date":39,"readTime":9},"/blog/how-to/session-management","How to Implement Secure Session Management","Step-by-step guide to secure session management. Create, store, validate, and expire sessions properly to protect user accounts.",{"path":45,"title":46,"description":47,"date":39,"readTime":9},"/blog/how-to/supabase-auth","How to Set Up Supabase Auth Securely","Step-by-step guide to setting up Supabase Auth securely. Configure authentication, handle sessions, integrate with RLS, and set up social providers the right way.",{"path":49,"title":50,"description":51,"date":39,"readTime":9},"/blog/how-to/two-factor-auth","How to Implement Two-Factor Authentication (2FA)","Step-by-step guide to implementing TOTP-based two-factor authentication. Add 2FA with Google Authenticator, backup codes, and secure recovery.",{"path":53,"title":54,"description":55,"date":56,"readTime":9},"/blog/how-to/railway-env-vars","How to Set Up Railway Environment Variables","Complete guide to configuring environment variables in Railway. Set up secrets, use variable references, and manage configurations across services.","2026-01-23",{"path":58,"title":59,"description":60,"date":56,"readTime":9},"/blog/how-to/secret-scanning","How to Enable Secret Scanning","Set up automatic secret detection in your repositories. Enable GitHub secret scanning, configure pre-commit hooks, and catch exposed API keys before they cause damage.",{"path":62,"title":63,"description":64,"date":56,"readTime":9},"/blog/how-to/secure-login-form","How to Build a Secure Login Form","Step-by-step guide to building a secure login form. Prevent brute force attacks, handle credentials safely, and implement proper session management.",{"path":66,"title":67,"description":68,"date":56,"readTime":9},"/blog/how-to/setup-cors-properly","How to Set Up CORS Properly","Step-by-step guide to configuring CORS in Next.js, Express, and serverless functions. Avoid security mistakes and fix common CORS errors.",{"path":70,"title":71,"description":72,"date":56,"readTime":9},"/blog/how-to/setup-supabase-rls","How to Set Up Supabase Row Level Security (RLS)","Step-by-step guide to setting up Row Level Security in Supabase. Enable RLS, write policies, test access, and avoid common mistakes that expose your data.",{"path":74,"title":75,"description":76,"date":77,"readTime":9},"/blog/how-to/protect-against-xss","How to Protect Against XSS Attacks","Step-by-step guide to preventing XSS in React and Next.js. Sanitizing user input, Content Security Policy, and common XSS patterns to avoid.","2026-01-22",{"path":79,"title":80,"description":81,"date":77,"readTime":9},"/blog/how-to/remove-secrets-git-history","How to Remove Secrets from Git History","Clean secrets from your git history after accidental commits. Learn to use BFG Repo Cleaner and git filter-branch to remove exposed API keys from repository history.",{"path":83,"title":84,"description":85,"date":77,"readTime":9},"/blog/how-to/sanitize-input","How to Sanitize User Input","Step-by-step guide to sanitizing user input. HTML sanitization, XSS prevention with DOMPurify, server-side sanitization, and security best practices.",{"path":87,"title":88,"description":89,"date":77,"readTime":9},"/blog/how-to/secure-api-keys","How to Secure API Keys in Your Web App","Step-by-step guide to securing API keys in web applications. Environment variables, server-side handling, key rotation, and what to do if keys are exposed.",{"path":91,"title":92,"description":93,"date":94,"readTime":9},"/blog/how-to/protect-routes","How to Protect Routes and API Endpoints","Step-by-step guide to protecting routes and API endpoints. Implement middleware patterns, authentication guards, authorization checks, and secure Next.js/React routes.","2026-01-21",{"path":96,"title":97,"description":98,"date":94,"readTime":9},"/blog/how-to/rotate-api-keys","How to Rotate API Keys - Emergency Response Guide","Emergency guide for rotating compromised API keys without downtime. Step-by-step instructions for Stripe, OpenAI, Supabase, and other common services.",{"path":100,"title":101,"description":102,"date":103,"readTime":9},"/blog/how-to/netlify-env-vars","How to Set Up Netlify Environment Variables","Complete guide to configuring environment variables in Netlify. Set up secrets for builds, functions, and different deploy contexts securely.","2026-01-20",{"path":105,"title":106,"description":107,"date":103,"readTime":9},"/blog/how-to/nextauth-setup","How to Set Up NextAuth.js Securely","Complete guide to secure NextAuth.js setup. Configure providers, protect API routes, secure sessions with database adapters, and implement middleware protection.",{"path":109,"title":110,"description":111,"date":103,"readTime":9},"/blog/how-to/oauth-setup","How to Set Up OAuth Authentication Securely","Step-by-step guide to implementing OAuth 2.0 securely. Use PKCE, validate tokens properly, and avoid common OAuth vulnerabilities.",{"path":113,"title":114,"description":115,"date":103,"readTime":9},"/blog/how-to/parameterized-queries","How to Use Parameterized Queries","Step-by-step guide to using parameterized queries to prevent SQL injection. Examples for PostgreSQL, MySQL, MongoDB, and popular ORMs.",{"path":117,"title":118,"description":119,"date":103,"readTime":9},"/blog/how-to/password-reset-security","How to Implement Secure Password Reset","Step-by-step guide to implementing secure password reset flows. Prevent account takeover, token attacks, and enumeration vulnerabilities.",{"path":121,"title":122,"description":123,"date":103,"readTime":9},"/blog/how-to/postgresql-roles","How to Set Up PostgreSQL Roles and Permissions","Step-by-step guide to PostgreSQL role-based access control. Create users, assign permissions, and implement least-privilege access for your database.",{"path":125,"title":126,"description":127,"date":103,"readTime":9},"/blog/how-to/prevent-sql-injection","How to Prevent SQL Injection in Your App","Step-by-step guide to preventing SQL injection. Parameterized queries, ORMs, input validation, and common mistakes that leave your database vulnerable.",{"path":129,"title":130,"description":131,"date":103,"readTime":9},"/blog/how-to/prisma-security","How to Secure Prisma ORM","Step-by-step guide to securing your Prisma ORM setup. Prevent injection attacks, handle raw queries safely, and implement proper access control.",{"path":133,"title":134,"description":135,"date":136,"readTime":9},"/blog/how-to/implement-csrf-protection","How to Implement CSRF Protection","Step-by-step guide to implementing CSRF protection in Next.js and Express. Token-based protection, SameSite cookies, and when you actually need CSRF tokens.","2026-01-19",{"path":138,"title":139,"description":140,"date":136,"readTime":9},"/blog/how-to/jwt-security","How to Implement JWT Security","Step-by-step guide to secure JWT implementation. Choose the right algorithm, handle token storage, implement refresh tokens, and avoid common vulnerabilities.",{"path":142,"title":143,"description":144,"date":136,"readTime":9},"/blog/how-to/mixed-content-fix","How to Fix Mixed Content Warnings","Step-by-step guide to finding and fixing mixed content on HTTPS sites. Learn to identify HTTP resources, update URLs, and use Content-Security-Policy to auto-upgrade requests.",{"path":146,"title":147,"description":148,"date":136,"readTime":9},"/blog/how-to/mongodb-auth","How to Set Up MongoDB Authentication","Step-by-step guide to configuring MongoDB authentication. Create users, set up roles, enable access control, and secure your database connections.",{"path":150,"title":151,"description":152,"date":136,"readTime":9},"/blog/how-to/netlify-headers","How to Configure Security Headers on Netlify","Step-by-step guide to adding security headers on Netlify. Configure via _headers file, netlify.toml, and Edge Functions. Includes CSP, HSTS, and all essential headers.",{"path":154,"title":155,"description":156,"date":157,"readTime":9},"/blog/how-to/hide-api-keys","How to Hide API Keys - Secure Your Secrets","Step-by-step guide to hiding API keys in your web app. Use environment variables, .gitignore, and platform secrets to keep your keys safe from exposure.","2026-01-16",{"path":159,"title":160,"description":161,"date":157,"readTime":162},"/blog/how-to/how-to-hide-api-keys","How to Hide Your API Keys (The Right Way)","Step-by-step guide to securing API keys in your vibe-coded app. Learn environment variables, .gitignore, and platform-specific secret management.","8 min read",{"path":164,"title":165,"description":166,"date":157,"readTime":9},"/blog/how-to/implement-rate-limiting","How to Implement Rate Limiting in Your API","Step-by-step guide to implementing rate limiting. Protect your API from abuse with Upstash, Redis, or in-memory solutions. Includes Next.js and Express examples.",{"path":168,"title":169,"description":170,"date":157,"readTime":9},"/blog/how-to/magic-links","How to Implement Magic Link Authentication","Step-by-step guide to implementing secure magic link authentication. Passwordless login via email with proper security controls.",{"path":172,"title":173,"description":174,"date":175,"readTime":9},"/blog/how-to/github-secrets","How to Use GitHub Secrets for Actions","Complete guide to GitHub Secrets for GitHub Actions. Store API keys, access tokens, and sensitive data securely in your CI/CD workflows.","2026-01-15",{"path":177,"title":178,"description":179,"date":175,"readTime":9},"/blog/how-to/hsts-setup","How to Set Up HSTS (HTTP Strict Transport Security)","Complete guide to HSTS setup. Configure Strict-Transport-Security header, understand max-age, includeSubDomains, preload list submission, and avoid common mistakes.",{"path":181,"title":182,"description":183,"date":175,"readTime":9},"/blog/how-to/https-setup","How to Set Up HTTPS for Your Website","Step-by-step guide to enabling HTTPS with SSL certificates. Learn Let's Encrypt setup, platform-specific configuration for Vercel, Netlify, and manual server setup.",{"path":185,"title":186,"description":187,"date":175,"readTime":9},"/blog/how-to/image-upload-security","How to Secure Image Uploads","Step-by-step guide to securing image uploads. Image validation, resizing, EXIF metadata removal, storage security, and preventing image-based attacks.",{"path":189,"title":190,"description":191,"date":192,"readTime":9},"/blog/how-to/file-upload-security","How to Secure File Uploads","Step-by-step guide to securing file uploads. File type validation, size limits, storage security, malware scanning, and preventing dangerous file execution.","2026-01-14",{"path":194,"title":195,"description":196,"date":192,"readTime":9},"/blog/how-to/firebase-security-rules","How to Write Firebase Security Rules","Complete guide to Firebase Firestore and Realtime Database security rules. Learn rule syntax, common patterns, testing, and debugging your Firebase security.",{"path":198,"title":199,"description":200,"date":192,"readTime":9},"/blog/how-to/gitignore-secrets","How to Gitignore Sensitive Files","Prevent accidental commits of API keys, .env files, and credentials. Complete guide to configuring .gitignore for sensitive files in your project.",{"path":202,"title":203,"description":204,"date":192,"readTime":9},"/blog/how-to/hash-passwords-securely","How to Hash Passwords Securely","Step-by-step guide to password hashing with bcrypt and Argon2. Why you should never use MD5 or SHA, and how to implement secure password storage in Node.js.",{"path":206,"title":207,"description":208,"date":209,"readTime":9},"/blog/how-to/dotenv-setup","How to Set Up .env Files - Complete Guide","Complete guide to setting up .env files for local development. Learn the dotenv package, file naming conventions, and how to keep secrets out of git.","2026-01-13",{"path":211,"title":212,"description":213,"date":209,"readTime":9},"/blog/how-to/environment-variables","How to Use Environment Variables - Complete Guide","Complete guide to environment variables for web apps. Learn how to set up .env files, access variables in code, and configure them across different platforms.",{"path":215,"title":216,"description":217,"date":209,"readTime":9},"/blog/how-to/firebase-auth-rules","How to Write Firebase Auth Rules","Step-by-step guide to securing Firebase with authentication-based security rules. Protect your Firestore and Realtime Database from unauthorized access.",{"path":219,"title":220,"description":221,"date":209,"readTime":9},"/blog/how-to/form-validation","How to Implement Secure Form Validation","Step-by-step guide to secure form validation. Client and server-side validation, CSRF protection, honeypots for bot detection, and security best practices.",{"path":223,"title":224,"description":225,"date":226,"readTime":9},"/blog/how-to/clerk-security","How to Secure Clerk Authentication","Complete guide to securing Clerk authentication. Set up middleware, protect routes, verify webhooks, manage users securely, and implement proper authorization.","2026-01-12",{"path":228,"title":229,"description":230,"date":226,"readTime":9},"/blog/how-to/custom-domain-ssl","How to Set Up SSL for Custom Domains","Step-by-step guide to configuring SSL certificates for custom domains on Vercel, Netlify, and Cloudflare. Includes DNS configuration and troubleshooting.",{"path":232,"title":233,"description":234,"date":226,"readTime":9},"/blog/how-to/database-backups","How to Set Up Secure Database Backups","Step-by-step guide to implementing secure database backups. Automated backups, encryption, retention policies, and disaster recovery testing.",{"path":236,"title":237,"description":238,"date":226,"readTime":9},"/blog/how-to/database-encryption","How to Encrypt Database Data","Step-by-step guide to database encryption. Implement encryption at rest, in transit, and application-level encryption for sensitive data.",{"path":240,"title":241,"description":242,"date":226,"readTime":9},"/blog/how-to/firebase-auth","How to Set Up Firebase Auth Securely","Step-by-step guide to setting up Firebase Authentication securely. Configure providers, integrate security rules, verify tokens server-side, and implement custom claims.",{"path":244,"title":245,"description":246,"date":247,"readTime":9},"/blog/how-to/aws-secrets-manager","How to Use AWS Secrets Manager","Step-by-step guide to storing and retrieving secrets with AWS Secrets Manager. Secure your API keys, database credentials, and sensitive config.","2026-01-09",{"path":249,"title":250,"description":251,"date":247,"readTime":9},"/blog/how-to/connection-pooling","How to Set Up Database Connection Pooling","Step-by-step guide to database connection pooling. Improve performance and security with PgBouncer, Prisma, and serverless connection management.",{"path":253,"title":254,"description":255,"date":247,"readTime":9},"/blog/how-to/database-audit-logs","How to Set Up Database Audit Logs","Step-by-step guide to implementing database audit logging. Track who accessed what data, when, and detect unauthorized access or data breaches.",{"path":257,"title":258,"description":259,"date":247,"readTime":9},"/blog/how-to/drizzle-security","How to Secure Drizzle ORM","Step-by-step guide to securing your Drizzle ORM setup. Safe SQL queries, input validation, and access control patterns for TypeScript applications.",{"path":261,"title":262,"description":263,"date":264,"readTime":9},"/blog/how-to/add-authentication-nextjs","How to Add Secure Authentication to Next.js","Step-by-step guide to adding secure authentication to Next.js apps. NextAuth setup, middleware protection, session handling, and common security mistakes.","2026-01-08",{"path":266,"title":267,"description":268,"date":264,"readTime":9},"/blog/how-to/api-key-best-practices","API Key Security Best Practices","Comprehensive guide to API key security. Learn storage, rotation, scoping, monitoring, and incident response best practices to protect your application.",{"path":270,"title":271,"description":272,"date":264,"readTime":9},"/blog/how-to/certificate-renewal","How to Handle SSL Certificate Renewal","Step-by-step guide to SSL certificate renewal. Set up automatic renewal with Certbot, monitor expiration dates, and troubleshoot common renewal failures.",{"path":274,"title":275,"description":276,"date":264,"readTime":9},"/blog/how-to/csp-setup","How to Set Up Content Security Policy (CSP)","Complete guide to Content Security Policy setup. Learn CSP directives, implement nonces, configure reporting, and create policies for common frameworks. Includes starter templates.",{"path":278,"title":279,"description":280,"date":281,"readTime":9},"/blog/how-to/add-security-headers","How to Add Security Headers to Your Web App","Step-by-step guide to adding security headers. Protect against XSS, clickjacking, and MIME sniffing with CSP, X-Frame-Options, HSTS, and more. Includes code examples for Express, Next.js, and nginx.","2026-01-07",{"path":283,"title":284,"description":285,"date":281,"readTime":9},"/blog/how-to/auth0-basics","How to Set Up Auth0 Securely","Complete guide to secure Auth0 setup. Configure applications, handle callbacks safely, validate tokens, implement authorization, and avoid common vulnerabilities.",{"path":287,"title":288,"description":289,"date":281,"readTime":9},"/blog/how-to/check-exposed-keys","How to Check for Exposed API Keys","Methods to verify your API keys aren't exposed in your codebase, git history, browser bundle, or network requests. Find leaked secrets before attackers do.",1775843918545]