I'm not sure that LogRocket belongs on such a "security" checklist. While I understand the value that they propose to offer, I'm not sure that wholesale recording your users' sessions and then sending them to a third-party server for storage and retrieval really meshes with my idea of security - especially if the site contains PII. I fully understand that you can intentionally do work to hide that information from LogRocket, but that is putting a lot of trust in both devs and in LogRocket to get that one right.

While there may be such a tool, I'm not aware of something like this that runs as a first party script and uses local storage. It would indeed be very useful to escape the logs->screenshots->can't reproduce cycle mentioned.

TL;DR: The advice is:

"use Open source software", "add logging", "set all pages to HTTPS" and follow a "top 10 list of the most critical security threats"

Sad state of things.

The concept of having your work done by a "Full Stack Developer" will not be nice for opening up potential security holes, in my opinion.

Additionally, I don't think there exists a real "Full Stack" dev, and I'm not alone in this opinion; click anywhere:

https://medium.com/swlh/the-full-stack-developer-is-a-myth-4e3fb9c25867

https://news.ycombinator.com/item?id=10182936

http://andyshora.com/full-stack-developers.html

https://frontendmasters.com/books/front-end-handbook/2017/practice/myth.html

https://vitamintalent.com/blog/the-myth-of-the-full-stack-developer

https://techcrunch.com/2014/11/08/the-rise-and-fall-of-the-full-stack-developer/

https://www.propelrr.com/blog/ux/full-stack-web-developer.html

> In Node, if you use Express (find out in the next article why you shouldn't, but most people do)

Now that's just mean. Why can't he just say it there!