From the course: Replit 101: From Prompt to Product

Things to consider when hosting live apps - Replit Tutorial

Okay, now that you know how to build an app and deploy it, it's time for me to put on my responsible developer hat and have a frank conversation with you about what we just did. Because I just walked you through a process where you went from a prompt all the way to a published app. We never looked at the code. We never looked at the back end. I don't know what this app is doing or how it's working, because I haven't looked at it yet. That's okay because Replit is a trusted resource. And when you build things in Replit, all the information sits inside Replit, meaning they have all of the security keys, they manage the database, they manage the virtual machine, they manage all the connections. And as you saw during the publication, they have security steps to ensure that everything is done correctly. Because if something goes wrong, it goes wrong on Replit's servers.

But the way I built this app is inherently insecure. You'll remember the password for the admin is admin123. That is not a good password. And even if there were a very strong password, the way that the admin logs into the app is not very secure. So now that I've published the app, after I've tested to make sure it works for my purposes, if I intend to keep this app live on the web, I really need to go in and add a more robust login feature that has password resets, ideally doesn't have passwords at all but has some sort of two-factor authentication, and doesn't allow anyone to hack their way into the site.

Also, the app I built uses AI. So I need to be very careful about how I use the app so I'm not spending a lot of money on that AI usage. Right now, anyone can go to this site and leave as many questions as they want, and all of those questions use AI credits. So for this app to be useful to me only, I need to lock it down. I could add a front page with a login where I have to log in and activate it for the public, or I could rebuild it so every user has to create an account.

But if I do that, I have to take care of user information, which means if I publish the app to a European audience, I have to take care of GDPR, the right to be forgotten, and all these other rules and regulations that exist. You see how building apps very quickly becomes more complex than just building the app once you publish it.

So here's my advice to you. When you start building your own apps, think carefully about who the app is for. In most cases, when you build an app, the app will be for you only. If that's the case, publish it in such a way that it's only available to you. Actually, investigate how you can publish it in a way where it's not running publicly, but maybe running on your computer. Replit will help you build all of that out so that you set up an app that isn't a publicly available tool, but instead is a tool just for you. Because remember, you don't have to build a web app. You don't have to build a website. You can build small apps that just do one thing really well, apps that solve a unique problem for you, or apps that demonstrate a new way of doing things. If you work in a company, you can use Replit to build demonstration apps or proofs of concept or MVPs or prototypes of things you want built within the company and host them so they are only available to your company or your team members as demonstrations.

The possibilities here are endless, but you have to keep in mind that once you publish an app and put it on the web, it becomes available to anyone who uses the web. And you have to think carefully about what capabilities you give them and how you prevent them from using your app in ways you did not intend. And don't get me wrong here. I'm not saying any of this to dissuade you from building your own apps. I'm saying it because I want you to build apps. And I want to ensure you don't run into accidental situations by not thinking about the things that are not obvious. Because as you've seen, building an app is easy. Plugging it into all sorts of features is easy. And once you do, you have to think about who gains access to it and what they can do with those features.
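The two problems raised above, a weak admin login and an AI endpoint that anyone can call as often as they like, have a simple shape in code. What follows is an added example, not code from the course or from Replit, written in plain Python with no web framework so it runs on its own. It stores the admin password as a salted scrypt hash checked in constant time (rather than a literal such as admin123), keeps the site closed to anonymous visitors until a logged-in admin opens it, and then applies a per-client token bucket so one visitor cannot drain the AI budget by submitting questions in a loop. All names in it (`Gate`, `TokenBucket`, the sample IPs and passphrase) are this example's own assumptions, and the injectable clock exists only so the limiter can be exercised without sleeping.

```python
"""Added example (not course or Replit code): admission control in front of an AI call."""
import hashlib
import hmac
import os
import time
from typing import Optional

# scrypt cost parameters: 128 * n * r bytes of memory, 16 MiB here.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest). A fresh random salt is generated when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time so timing leaks nothing."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class TokenBucket:
    """Per-key limiter: `capacity` requests in a burst, refilled at `refill_per_sec`."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock  # injectable for tests; defaults to a monotonic clock
        self._state = {}  # key -> (tokens, last_seen)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._state.get(key, (float(self.capacity), now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self._state[key] = (tokens, now)
            return False
        self._state[key] = (tokens - 1, now)
        return True


class Gate:
    """Decides whether one incoming question may reach the AI call.

    `users` maps username -> (salt, digest). The site stays closed to anonymous
    visitors until an authenticated admin opens it; anonymous traffic is then
    rate limited per client address.
    """

    def __init__(self, users: dict, bucket: TokenBucket, public: bool = False):
        self.users = users
        self.bucket = bucket
        self.public = public
        self.sessions = set()

    def login(self, username: str, password: str) -> Optional[str]:
        record = self.users.get(username)
        if record is None:
            # Hash anyway so unknown and known usernames take the same time.
            hash_password(password, b"\x00" * 16)
            return None
        salt, digest = record
        if not verify_password(password, salt, digest):
            return None
        token = os.urandom(16).hex()
        self.sessions.add(token)
        return token

    def set_public(self, session: Optional[str], public: bool) -> bool:
        """Only a logged-in admin may open or close the site to the public."""
        if session not in self.sessions:
            return False
        self.public = public
        return True

    def check(self, client_ip: str, session: Optional[str] = None) -> str:
        """Return 'ok', 'closed' or 'rate_limited' for one question."""
        if session in self.sessions:
            return "ok"  # admin traffic is not metered here
        if not self.public:
            return "closed"
        if not self.bucket.allow(client_ip):
            return "rate_limited"
        return "ok"


if __name__ == "__main__":
    # Constructed demo: one admin, a burst of three questions per client, slow refill.
    users = {"admin": hash_password("correct horse battery staple")}
    gate = Gate(users, TokenBucket(capacity=3, refill_per_sec=0.1))
    print(gate.check("203.0.113.5"))                      # closed
    token = gate.login("admin", "correct horse battery staple")
    gate.set_public(token, True)
    print([gate.check("203.0.113.5") for _ in range(5)])  # ok x3, then rate_limited
```

In a real deployment the session token would live in a cookie and the bucket state in a store shared across instances; the point here is that both controls sit in front of the AI call, so a question is only paid for after the caller has passed them.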