API Requests from frontend only - Security issue #6
Description
Currently, the app runs as a front-end only implementation, making it insecure and vulnerable. All requests to the API and database are initiated directly from the front-end. Since users can inspect these requests through browser developer tools, this exposes sensitive data and logic, leading to security risks such as unauthorized access and data breaches.
Proposed solution:
- Move sensitive operations to a back-end server.
- Implement secure APIs to handle database interactions.
- Add user authentication and authorization to the server-side logic.