Syntax - Tasty Web Development Treats

932: Vibe Coding’s Huge Problem

Aug 27, 2025
Wes and Scott dive into the perils of vibe coding in authentication and access control, sharing real-world security mishaps. They emphasize the risks of client-side-only checks and the importance of server-side validation, with engaging examples. Listeners will also hear about the challenges of implementing robust access control in web apps and tips for safeguarding sensitive data. Additionally, the episode takes a lighter turn, discussing the art of enhancing home ambiance with hotel scents and the joys of essential oils.
ANECDOTE

AI-Generated Auth Mistake

  • Wes accidentally let an auth check run only on the client when scaffolding quickly.
  • The generated UI even displayed the cookie value needed to gain access, exposing the flaw.
ANECDOTE

Mass Exposure Of Sensitive Files

  • The Tea app stored uploaded driver's licenses in a Firebase bucket behind a wide-open endpoint.
  • Attackers could scrape and download sensitive documents because access controls were missing.
ADVICE

Don't Vibe Code Access Control

  • Avoid vibe coding access control; implement explicit permission checks instead.
  • Break permissions into simple yes/no or CRUD checks and enforce them on the server.
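As an added example (not code from the episode or from Syntax): a server-side permission layer built from explicit yes/no CRUD checks, where identity comes from a server-held session rather than from anything the client sends. All names (PERMISSIONS, can, authorize, handleRequest) and the sample session and document stores are constructed for the illustration.

```javascript
// Added example (not from the Syntax episode): server-side authorization built
// from explicit yes/no CRUD checks. All names and data here are constructed.

// Role -> resource type -> allowed CRUD actions. Anything not listed is denied.
const PERMISSIONS = {
  admin: { document: new Set(["create", "read", "update", "delete"]) },
  member: { document: new Set(["create", "read", "update", "delete"]) },
  guest: { document: new Set(["read"]) },
};

// Yes/no check: may this role perform this action on this resource type at all?
function can(role, action, resourceType) {
  const allowed = PERMISSIONS[role] && PERMISSIONS[role][resourceType];
  return allowed !== undefined && allowed.has(action);
}

// Object-level check layered on top: non-admins may only modify their own documents.
function authorize(user, action, doc) {
  if (!can(user.role, action, "document")) return false;
  if (user.role !== "admin" && (action === "update" || action === "delete")) {
    return doc.ownerId === user.id;
  }
  return true;
}

// Request handler as the server would run it. Identity comes from the server-side
// session store keyed by the session id; any role or "isAdmin" field in the request
// body is ignored, because the client can set it to anything.
function handleRequest(sessions, docs, req) {
  const user = sessions[req.sessionId];
  if (!user) return { status: 401 };
  const doc = docs[req.docId];
  if (!doc) return { status: 404 };
  if (!authorize(user, req.action, doc)) return { status: 403 };
  return { status: 200, doc };
}

// Constructed sample session store and document store.
const SESSIONS = {
  "sess-alice": { id: "u1", role: "member" },
  "sess-bob": { id: "u2", role: "member" },
  "sess-root": { id: "u0", role: "admin" },
  "sess-anon": { id: "u9", role: "guest" },
};
const DOCS = { d1: { id: "d1", ownerId: "u1", title: "alice's notes" } };

// Bob asks to delete Alice's document while claiming to be an admin in the body: 403.
console.log(handleRequest(SESSIONS, DOCS,
  { sessionId: "sess-bob", action: "delete", docId: "d1", body: { role: "admin" } }).status);
```

The same checks belong in front of every server route that reads or mutates a document; a UI that hides a button is not a check.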