Security Checklist
Pre-deploy security checklist covering auth, RLS, input validation, and API route protection.
Pre-Deploy Security Checklist
Authentication
Every API route calls requireAuth()
Session tokens stored in HTTP-only cookies
Password minimum 8 characters enforced
Database
Row Level Security enabled on every table
All queries scoped to user_id
No raw SQL — use parameterized queries (Drizzle ORM)
Environment
.env.local in .gitignore
No secrets in client-side code (no secret stored under the NEXT_PUBLIC_ prefix)
Service role key only used server-side
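The three Environment items can be checked mechanically before a deploy. The script below is an added example, not code from the original page; the function names, the SECRET_HINT name heuristic, the "use client" test for browser code and all sample values are assumptions made for illustration.

```javascript
// Added example: audits the Environment items from file contents passed as strings.
const SECRET_HINT = /(SECRET|PRIVATE|PASSWORD|TOKEN|SERVICE_ROLE)/i; // assumed heuristic

// Variable names from a dotenv-style file; comments and blank lines do not match.
function parseEnvKeys(envText) {
  return envText.split(/\r?\n/)
    .map((l) => /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(l))
    .filter(Boolean).map((m) => m[1]);
}

// Last matching pattern wins; handles names, "*" and "!" only, not full gitignore syntax.
function ignoresEnvLocal(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const negate = line.startsWith("!");
    const glob = (negate ? line.slice(1) : line).replace(/^\//, "");
    const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*");
    if (new RegExp(`^${escaped}$`).test(".env.local")) ignored = !negate;
  }
  return ignored;
}

// clientSources maps path -> source text; a "use client" directive marks browser code.
function auditEnvironment({ gitignore, envLocal, clientSources }) {
  const findings = [];
  if (!ignoresEnvLocal(gitignore)) findings.push(".env.local is not in .gitignore");
  const keys = parseEnvKeys(envLocal);
  for (const key of keys)
    if (key.startsWith("NEXT_PUBLIC_") && SECRET_HINT.test(key))
      findings.push(`${key} is exposed to the browser by its NEXT_PUBLIC_ prefix`);
  const serverOnly = keys.filter((k) => !k.startsWith("NEXT_PUBLIC_"));
  for (const [path, text] of Object.entries(clientSources)) {
    if (!/^\s*["']use client["']/.test(text)) continue;
    for (const key of serverOnly)
      if (new RegExp(`process\\.env\\.${key}\\b`).test(text))
        findings.push(`${path} reads server-only ${key} in client code`);
  }
  return findings;
}

// Constructed sample project state (hypothetical variable names and paths).
const sample = {
  gitignore: "node_modules\n.env*.local\n",
  envLocal: "NEXT_PUBLIC_APP_URL=http://localhost:3000\nNEXT_PUBLIC_API_SECRET=x\nSERVICE_ROLE_KEY=y\n",
  clientSources: { "app/page.tsx": '"use client";\nconst k = process.env.SERVICE_ROLE_KEY;\n' },
};
console.log(auditEnvironment(sample));
```

In a real project, pass the contents of .gitignore, .env.local and the client component files read from disk, and fail the deploy when the returned list is not empty.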
API Routes
Input validation on all endpoints
Generic error messages (no stack traces)
Rate limiting on auth endpoints
Webhook signature verification