Shipping Safely

SheBuilds
Line Hjartarson
Hi, I'm Line Hjartarson

SheBuilds S02 Alum + Lovable Ambassador

Design engineer @ aline.no

A couple of projects

Built with Lovable

Get To Give
My SheBuilds S02 project

gettogive.co

Glint
Built with a SheBuilds S01 alum

withglint.co

The gap

Works in the demo ✓ / Safe for real users ?

What security means

Not just hackers in hoodies

Strangers reading your users' data

Someone posting as someone else

Your paid API keys, spent by other people

Real example

Shipped wide open

170+ apps exposed
0 logins needed
CVE-2025-48757

Scope

Enough to ship safely

Three common leaks

One live fix

A checklist to keep

The risks

How a hackathon app leaks

No login

Login but no database rules

Secrets in the frontend

Leak 1

No login

Anyone with the link can read and write
add authentication

Leak 2

"The UI is a suggestion.
The database is the law."

Login looks safe, but the database still answers anyone
add row-level security

Leak 3

Secrets in the frontend

An open API key is an API key for everyone
keep secrets server-side

Demo

What just happened

Two steps, a few minutes

Before

  • No login
  • Open database
  • Anyone reads everything

After

  • Login required
  • Own data only
  • Each user sees their own
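
The before/after above, as an added PostgreSQL example that is not from the original slides or the demo itself. The `notes` table and the `alice` and `bob` roles are hypothetical, and it assumes a superuser session in a scratch database.

```sql
-- Added example (PostgreSQL). Table and role names are hypothetical;
-- run as a superuser in a scratch database.
CREATE ROLE alice;
CREATE ROLE bob;

CREATE TABLE notes (
    owner_name text NOT NULL DEFAULT current_user,
    body       text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO alice, bob;

-- Before: users are logged in, but the database has no rules.
SET ROLE alice;
INSERT INTO notes (body) VALUES ('alice: private note');
RESET ROLE;

SET ROLE bob;
SELECT owner_name, body FROM notes;          -- bob is handed alice's note
RESET ROLE;

-- After: the database enforces ownership, whatever the UI does.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
-- FORCE binds the table owner too; superusers and BYPASSRLS roles still bypass.
ALTER TABLE notes FORCE ROW LEVEL SECURITY;
CREATE POLICY notes_owner_only ON notes
    FOR ALL
    USING (owner_name = current_user)        -- rows a user may read or change
    WITH CHECK (owner_name = current_user);  -- rows a user may write

-- "Log in as someone else": repeat bob's requests against alice's data.
SET ROLE bob;
SELECT owner_name, body FROM notes;          -- alice's row is filtered out
UPDATE notes SET body = 'edited by bob';     -- cannot touch alice's row
INSERT INTO notes (owner_name, body)
VALUES ('alice', 'posted as alice');         -- rejected by WITH CHECK
RESET ROLE;
```

A table with RLS enabled and no policy denies every row to non-owner roles, so enabling RLS before writing the policies fails closed.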

Takeaway

The ship checklist

Auth on anything that stores user data

RLS on every table

No secrets in the frontend

Run Lovable's security scan

My simplest advice

Log in as someone else

The one habit that catches most leaks

Boilerplate

Launchpad

The boring but critical stuff

launchpad-s03.lovable.app

Questions?

Thank you

aline.no