I am a junior backend engineer. My main objective in sharing this project is to connect with seasoned experts who can provide quality feedback. I joined this community as I am ready to learn, and I am willing to be corrected.
I just wrapped up PharmVault—an offline-first secure notes app using Spring Boot 3 and JWT.
I’m seeking honest feedback on the codebase and architecture. I want to ensure that my implementations and back-end architecture follow industry standards.
If any feedback on the structure or security could be given, it would be much appreciated.
Video Walkthrough: https://youtu.be/D8ZgmBePmus (You can skip to 1:45 to see the Backend Architecture, API testing, and the database flow).
Nice project! Spring Boot with JWT is a solid foundation for secure notes. One consideration: consider adding rate limiting and account lockout mechanisms to prevent brute force attacks. Also, encryption at rest for stored notes would strengthen security posture.
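The account lockout the reply suggests can be implemented as a small policy object that the login endpoint consults before and after the password check. The following is an added example in Java (the project's language), not code from PharmVault or from the commenter; the thresholds (5 consecutive failures within 15 minutes locks the account for 15 minutes), the in-memory map, and the user name "alice" are assumptions chosen for illustration.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example, not PharmVault's code: a consecutive-failure lockout policy.
 * After MAX_FAILURES failed logins inside WINDOW the account is locked for
 * LOCKOUT. State lives in memory here; a real deployment would persist it in
 * the database so it survives restarts and is shared across instances.
 */
public class LoginAttemptPolicy {
    private static final int MAX_FAILURES = 5;                 // assumed threshold
    private static final Duration WINDOW = Duration.ofMinutes(15);   // assumed
    private static final Duration LOCKOUT = Duration.ofMinutes(15);  // assumed

    /** Per-account counters; lockedUntil is null while the account is not locked. */
    private record State(int failures, Instant firstFailure, Instant lockedUntil) {}

    private final Map<String, State> states = new ConcurrentHashMap<>();
    private final Clock clock;   // injected so tests can use Clock.fixed(...)

    public LoginAttemptPolicy(Clock clock) {
        this.clock = clock;
    }

    /** Call before verifying the password; true means reject the attempt outright. */
    public boolean isLocked(String username) {
        State s = states.get(username);
        return s != null && s.lockedUntil() != null && clock.instant().isBefore(s.lockedUntil());
    }

    /** Record a failed password check; returns true if this failure locked the account. */
    public boolean recordFailure(String username) {
        Instant now = clock.instant();
        State updated = states.compute(username, (u, s) -> {
            // Still inside an active lockout: keep the existing state untouched.
            if (s != null && s.lockedUntil() != null && now.isBefore(s.lockedUntil())) {
                return s;
            }
            // No history, an expired lockout, or a stale window: start counting afresh.
            if (s == null || s.lockedUntil() != null || now.isAfter(s.firstFailure().plus(WINDOW))) {
                return new State(1, now, null);
            }
            int n = s.failures() + 1;
            return n >= MAX_FAILURES
                    ? new State(n, s.firstFailure(), now.plus(LOCKOUT))
                    : new State(n, s.firstFailure(), null);
        });
        return updated.lockedUntil() != null && now.isBefore(updated.lockedUntil());
    }

    /** A successful login clears the failure history for that account. */
    public void recordSuccess(String username) {
        states.remove(username);
    }

    public static void main(String[] args) {
        LoginAttemptPolicy policy = new LoginAttemptPolicy(Clock.systemUTC());
        String user = "alice";   // constructed sample account
        for (int i = 1; i <= MAX_FAILURES; i++) {
            boolean locked = policy.recordFailure(user);
            System.out.println("failure " + i + " -> locked=" + locked);
        }
        System.out.println("isLocked(" + user + ") = " + policy.isLocked(user));
    }
}
```

In a Spring Security setup the natural hook is to have `UserDetails.isAccountNonLocked()` return `!policy.isLocked(username)` so the framework raises its `LockedException` before the password is checked, and to call `recordFailure`/`recordSuccess` from an authentication failure/success handler. Two practitioner caveats: a lockout based purely on the user name lets anyone lock a victim out by sending wrong passwords, so pair it with per-IP rate limiting or a progressive delay rather than relying on it alone; and make sure the login response is identical for "locked" and "wrong password" so the endpoint does not reveal which accounts exist.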
The account lockout mechanism really stood out to me—it's a standard feature in security-first systems that I completely overlooked. I'll definitely look into implementing that to mitigate brute force risks.
Regarding encryption at rest, it is the most important takeaway from your advice. Would you advise I handle encryption at the application level or at the database level? I'd love to hear your thoughts on the trade-offs.
I look forward to your responses!