The account lockout mechanism really stood out to me—it's a standard feature in security-first systems that I completely overlooked. I'll definitely look into implementing that to mitigate brute force risks.
Regarding encryption at rest, it is the most important takeaway from your advice. Would you advise I handle encryption at the application level or at the database level? I'd love to hear your thoughts on the trade-offs.
nifemi1234•1mo ago
I am a junior backend engineer. My main objective in sharing this project is to connect with seasoned experts who can provide quality feedback. I joined this community as I am ready to learn, and I am willing to be corrected.
I just wrapped up PharmVault—an offline-first secure notes app using Spring Boot 3 and JWT.
I’m seeking honest feedback on the codebase and architecture. I want to ensure that my implementations and back-end architecture follow industry standards.
If any feedback on the structure or security could be given, it would be much appreciated.
Video Walkthrough: https://youtu.be/D8ZgmBePmus (You can skip to 1:45 to see the Backend Architecture, API testing, and the database flow).
I look forward to your responses!