I hope everyone is doing okay.
I've built a React.js website which is hosted on a server with SSL, but I'm not sure whether it's secure or not. That's why I decided to ask you for some advice/tips or solutions that will make my website secure.
In this app, I require the user to log in. After the user logs in, my app proceeds to send the credentials (with a POST request) to my backend server, which is an API hosted on another domain. Then my API uses the POST request data for web scraping and eventually returns some data to my frontend.
In the whole process, the only important data are the login credentials. What I did so far to make my website more secure was:
- Using SSL both on my backend and frontend
- The app does not hold any data (it doesn't have a database, it doesn't use cookies, etc.)
- I limited the number of requests that can be made to my backend server in a second/minute/hour/day.
- I only use one POST request to transfer data between frontend and backend. (The frontend sends a POST request, the backend sends a POST request to the website that needs to be scraped, and answers the frontend's POST request with the scraped data.)
- I don't know the use of this, but I read somewhere that using withCredentials in your POST request makes it more secure? (I'm not sure about this one.)
(Also, it will be an open-source project, so people will be able to see )
I read that SSL will encrypt my POST request. I also used Fiddler to see whether it's encrypted or not, and it was.
Is it possible for individuals with malicious intentions to trace the data I send with the post requests?
Do you think it's secure enough?
Thanks
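
On the withCredentials item in the post: that flag only controls whether the browser attaches cookies or HTTP authentication to a cross-origin request, and it obliges the API to answer with an explicit origin plus Access-Control-Allow-Credentials, so it adds nothing for an app that uses no cookies. The sketch below is an added example, not the poster's code, showing the server-side CORS decision for the cross-domain login POST described above; the origin https://frontend.example and the function name corsHeaders are assumptions made for illustration.

```javascript
// Added example (not the poster's code). The origin below is a constructed
// placeholder for wherever the React frontend is actually served from.
const ALLOWED_ORIGINS = new Set(["https://frontend.example"]);

// Decide the CORS response headers for one request to the login endpoint.
// `usesCookies` says whether the API relies on cookies or HTTP auth at all.
function corsHeaders(method, origin, usesCookies) {
  // Unknown or missing Origin: send no CORS headers, so the browser
  // refuses to let the calling page read the response.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};

  const headers = {
    // Echo the exact allowlisted origin. A wildcard "*" is rejected by
    // browsers when the request was sent with withCredentials = true.
    "Access-Control-Allow-Origin": origin,
    // Caches must not reuse this response for a different origin.
    "Vary": "Origin",
  };

  // Only needed when the frontend sets withCredentials. A stateless API
  // with no cookies leaves the flag off and omits this header.
  if (usesCookies) headers["Access-Control-Allow-Credentials"] = "true";

  // Preflight for a JSON POST: advertise only what the endpoint accepts.
  if (method === "OPTIONS") {
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// Constructed sample requests.
console.log(corsHeaders("OPTIONS", "https://frontend.example", false));
console.log(corsHeaders("POST", "https://other.example", false));
```

CORS limits which web pages can read the API's responses in a browser; it does not stop non-browser clients from calling the API, which is what the rate limiting in the list above addresses.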