Skip to content

Base44 security scan

Scan your Base44 app for exposed keys and open databases

Base44 apps ship quickly, and the common gaps are a database with access rules never set or a secret left in the browser bundle. The scan checks the mistakes that actually get exploited.

A sample of what you might see

criticalTable readable by your public key

A visitor's key can read a table it should not, which usually means access rules were never scoped to the right user.

{ "user_id": 42, "email": "•••@•••.com" }

Illustrative, redacted. We never store your data.

It reads only what a browser already downloads and checks your database access from the outside.

JavaScript and TypeScript apps today. The scan is passive and outside-in. How the scanner stays safe.

Questions

Is the scan safe for my Base44 app?

Yes. Read-only and outside-in, no login, no writes. See the scanner-safety page.

What happens if it finds an issue?

You get a plain-English finding and can have us fix and prove it in a reviewable pull request, refund if we miss.

Which check do I need?

Related