Introduction to Security

RlÁá prioritizes security throughout its architecture. This guide explains how to implement security strategies using RlÁá's tools and conventions.

Key Features

  • Built-in CSRF protection
  • Automatic input sanitization
  • Secure authentication helpers

Security Best Practices

1. Use HTTPS Always

All RlÁá apps should be served over HTTPS. Check the Security Audit section for automatic TLS validation tools.

2. Validate All Inputs

// Example validation with RlÁá's validation system
app.validate({
  username: ['required', 'alpha_num', 'max:15'],
  email: ['required', 'email', 'confirmed']
})
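
To make clear what a rule list like the one above has to do, here is an added, self-contained interpreter for rule strings of that shape. It is an illustration written for this guide, not RlÁá's validation system: the rule names come from the example, while the `confirmed` rule is assumed to look for a matching `<field>_confirmation` entry, and unknown rule names fail closed rather than being skipped.

```javascript
// Added example: a minimal rule-string validator of the shape used above.
// Illustration of the technique only, not RlÁá's own implementation.
const ALPHA_NUM = /^[A-Za-z0-9]+$/;
// Deliberately simple e-mail shape check; ownership is only proven by sending mail.
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Each rule receives (value, argument, fieldName, allFields) and returns an error string or null.
// Rules other than "required" accept an absent value so optional fields work.
const RULES = {
  required: (v) => (v === undefined || v === null || String(v).trim() === '' ? 'is required' : null),
  alpha_num: (v) => (v === undefined || ALPHA_NUM.test(String(v)) ? null : 'may only contain letters and digits'),
  max: (v, arg) => {
    const limit = Number(arg);
    if (!Number.isInteger(limit) || limit < 0) throw new Error(`invalid max argument: ${arg}`);
    return v === undefined || String(v).length <= limit ? null : `must be at most ${limit} characters`;
  },
  email: (v) => (v === undefined || EMAIL.test(String(v)) ? null : 'must be a valid e-mail address'),
  // Assumed convention: "confirmed" requires an identical <field>_confirmation entry.
  confirmed: (v, _arg, field, all) => (all[`${field}_confirmation`] === v ? null : 'confirmation does not match'),
};

function validate(schema, input) {
  const errors = {};
  for (const [field, ruleList] of Object.entries(schema)) {
    for (const rule of ruleList) {
      const [name, arg] = rule.split(':', 2);
      const check = RULES[name];
      if (!check) throw new Error(`unknown validation rule: ${name}`); // fail closed on schema typos
      const message = check(input[field], arg, field, input);
      if (message) {
        (errors[field] ??= []).push(`${field} ${message}`);
        break; // report the first failing rule per field
      }
    }
  }
  return { valid: Object.keys(errors).length === 0, errors };
}

// The schema from the guide, with constructed sample inputs.
const SCHEMA = {
  username: ['required', 'alpha_num', 'max:15'],
  email: ['required', 'email', 'confirmed'],
};

const ok = validate(SCHEMA, { username: 'alice01', email: 'a@example.com', email_confirmation: 'a@example.com' });
const bad = validate(SCHEMA, { username: 'bad name!!!!!!!!!!!!', email: 'nope', email_confirmation: 'other' });
```

Whatever the framework validates in the browser, the same schema has to be applied again on the server: client-side checks are a usability feature, and a request built with curl never runs them.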

3. Store Secrets Securely

Never hardcode credentials. Use RlÁá's environment helper:

import { env } from 'rlax'

const dbPassword = env.get('DATABASE_PASSWORD')

Authentication & Authorization

Using the Auth Component

RlÁá's built-in Auth component abstracts common authentication patterns:

<template>
  <Auth 
    :providers="['google', 'github']"
    on:login="handleLogin"
  />
</template>

<script>
import { Auth } from 'rlax-security'
</script>

Role-Based Access Control

Use the @rlax/permission package to manage user roles and permissions:

import { usePermissions } from 'rlax-security'

export default {
  beforeMount() {
    const perms = usePermissions()
    if (!perms.has('admin')) {
      this.$router.push('/unauthorized')
    }
  }
}
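
The `perms.has('admin')` check above is the visible tip of a role-to-permission lookup. The following added example shows one way such a lookup can be built; it is an illustration for this guide, not the @rlax/permission package, and the role table, the `resource:action` naming and the `:*` wildcard are assumptions made here.

```javascript
// Added example: deny-by-default role-based permission lookup.
// Illustration only; role names, permission strings and wildcard syntax are assumed.
const ROLE_PERMISSIONS = {
  viewer: ['posts:read'],
  editor: ['posts:read', 'posts:write'],
  admin: ['posts:*', 'users:*', 'admin'],
};

// A granted "resource:*" covers every action on that resource; anything else must match exactly.
function permissionMatches(granted, wanted) {
  if (granted === wanted) return true;
  if (granted.endsWith(':*')) return wanted.startsWith(granted.slice(0, -1));
  return false;
}

function permissionsFor(roles) {
  const perms = new Set();
  for (const role of roles) {
    const granted = ROLE_PERMISSIONS[role];
    if (!granted) throw new Error(`unknown role: ${role}`); // refuse rather than silently ignore
    granted.forEach((p) => perms.add(p));
  }
  return perms;
}

// A user with no roles (or no user at all) holds no permissions.
function hasPermission(user, wanted) {
  const roles = Array.isArray(user?.roles) ? user.roles : [];
  for (const granted of permissionsFor(roles)) {
    if (permissionMatches(granted, wanted)) return true;
  }
  return false;
}

// Route guard in the spirit of the beforeMount() hook above: returns the path to navigate to.
function guardRoute(user, requiredPermission, targetPath, deniedPath = '/unauthorized') {
  return hasPermission(user, requiredPermission) ? targetPath : deniedPath;
}
```

A guard in a component hook decides what the browser renders, not what the API will serve; the same `hasPermission` decision has to be taken again on the server for every request that reads or changes protected data.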

Data Protection

Encrypt Sensitive Data

RlÁá's encryption helper integrates with modern algorithms:

import { encrypt, sign } from 'rlax-crypto'

// Constructed sample payload so the signing call below has something to sign
const data = { userId: 42, role: 'editor' }

const encrypted = encrypt('sensitive data', process.env.SECRET)
const signed = sign(JSON.stringify(data), 'HS256')

Database Protection

  • Always use prepared statements
  • Sanitize inputs with app.sanitize()
  • Use the Query Builder for type-safe operations

Security Audit Tools

Run Security Checks

npm install -g @rlax/audit

# Scan your project
rlaax-audit scan .

# Check dependencies
rlaax-audit check

Common Issues Detected

  • Open redirects
  • Insecure dependencies
  • Missing CSP headers
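
Two of the findings above have straightforward server-side counterparts, shown here as an added example written for this guide (not the audit tool's own logic): an open-redirect guard that resolves a user-supplied target against the application's origin and refuses anything that ends up elsewhere, and a header check that reports which security headers, CSP included, a response lacks. The origin and the header list are assumptions for the example.

```javascript
// Added example: an open-redirect guard and a missing-security-header check.
// Illustration only; APP_ORIGIN and REQUIRED_HEADERS are constructed for the example.
const APP_ORIGIN = 'https://app.example.com';

// Resolve a "next"/"redirect" parameter to a path on our own origin, or fall back.
// Resolving against APP_ORIGIN makes relative paths work; comparing the resulting origin
// rejects absolute URLs to other hosts, protocol-relative "//host" forms, backslash
// variants (the URL parser treats "\" as "/" for http(s)) and non-http schemes.
function safeRedirect(target, fallback = '/') {
  if (typeof target !== 'string' || target.length === 0 || target.length > 2048) return fallback;
  let url;
  try {
    url = new URL(target, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== APP_ORIGIN) return fallback;
  // Return a path rather than the full URL so callers never echo an attacker-chosen host.
  return url.pathname + url.search;
}

// Response headers an audit would expect on every HTML response (constructed list).
const REQUIRED_HEADERS = [
  'content-security-policy',
  'strict-transport-security',
  'x-content-type-options',
];

// Given a response header map, list the required headers that are absent (names are case-insensitive).
function missingSecurityHeaders(headers) {
  const present = new Set(Object.keys(headers).map((h) => h.toLowerCase()));
  return REQUIRED_HEADERS.filter((h) => !present.has(h));
}
```

The guard belongs wherever a redirect target comes from the request (login return URLs, locale switches, OAuth callbacks), and the header check is cheap enough to run as an integration test against every route rather than only during a scan.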