if we’re talking about a personal website nobody will care. if you are a multibillion company and there’s the risk that literally anyone can create a 1:1 clone of your services… yeah that’s a bit of a trouble
That’s the thing, it’s not actually a security measure. Security through obscurity is not security. It can provide false security impression that is more harmful in my opinion.
Having source maps can encourage proper security practices. Which, in my books, very much outweighs any security benefits of hiding them.
no it doesn’t, and I am very aware that if anything runs on someone’s computer then it can get replicated.
but it gets slightly harder, also to reverse-engineer it or find potential fallacies.
as well as source maps on prod are just a waste of bandwidth
depends.
if we’re talking about a personal website nobody will care. if you are a multibillion company and there’s the risk that literally anyone can create a 1:1 clone of your services… yeah that’s a bit of a trouble
Omitting source maps doesn’t prevent that.
No, but it’s a sensible security measure. Anything to make it harder.
That’s the thing, it’s not actually a security measure. Security through obscurity is not security. It can provide false security impression that is more harmful in my opinion.
Having source maps can encourage proper security practices. Which, in my books, very much outweighs any security benefits of hiding them.
no it doesn’t, and I am very aware that if anything runs on someone’s computer then it can get replicated. but it gets slightly harder, also to reverse-engineer it or find potential fallacies. as well as source maps on prod are just a waste of bandwidth
Dunno, this “harder” argument while valid sounds just like false security. That’s why I don’t see much weight in it.
As for bandwidth, source maps are not automatically pulled from server, so it also seems like a false issue to me.