SolidJS · 2mo ago
10 replies
frodo

Solid Start SSR Security & Gotchas

Hello,

I’m starting a new project with Solid Start and I’m trying to get a deeper understanding of how server functions (e.g., action(), query()) behave from a security perspective.

I’ve read through the docs, but I still want to make sure I understand the boundaries clearly — especially how Solid Start isolates server code, what attack surfaces exist when exposing server functions as RPC endpoints, and whether there are any common pitfalls or patterns that developers need to avoid in real projects.

What I'm looking for are:

- best practices for securing server functions
- mistakes you’ve seen people make
- anything that’s not obvious from the documentation

Thanks in advance for any guidance.