this post was submitted on 21 Jun 2025
1 points (100.0% liked)

Self-Hosted Alternatives to Popular Services

222 readers
2 users here now

A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web...

founded 2 years ago
MODERATORS
bot@lemmit.online
1
How do you verify if a self-hosted app is secure before using it? (old.reddit.com)
submitted 2 months ago by bot@lemmit.online to c/selfhosted@lemmit.online
0 comments fedilink hide all child comments
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/514sid on 2025-06-20 20:32:24+00:00.

When you're about to self-host something, especially if it's going to be exposed to the internet, how do you make sure it's actually secure?

Some things I'm wondering:

  • Do you check if the docs cover how to properly set up reverse proxies, CORS policies, security headers etc. before using the app?
  • How much do you trust the community or GitHub issues to get a sense of how secure it is?
  • Does anyone actually look through the code? Not just for malicious stuff, but things like bad defaults or missing security features?
  • What do you consider a red flag that makes you avoid a project?

I’m not talking about advanced audits — just the basic checks you do before deciding to run something on your own setup.

Curious how others handle this.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here