Gleam Security

Security practices for Gleam web and server applications

Details

Language / Topic
Gleam
Category
Security

Rules

balanced
- Never interpolate user input directly into SQL queries — use parameterized queries via `gleam_pgo` or `sqlight` bindings.
- Validate and sanitize all external inputs at module boundaries using custom type constructors that enforce invariants.
- Store secrets in environment variables accessed via `gleam/erlang/os.get_env` — never hardcode credentials in source files.
- Use `wisp` middleware or custom request filters to enforce authentication checks before routing to handler logic.
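The second and third rules above, shown in code. This is an added example, not part of the original rules page or any Gleam project's own code: an opaque `Username` type whose only constructor validates the raw input once at the module boundary, plus a secret loader that reads `gleam/erlang/os.get_env` instead of a hard-coded default. The names `Username`, `ValidationError`, `username_from_string` and `load_db_password`, the `DB_PASSWORD` variable name and the 32-character limit are assumptions made for illustration; it depends only on the Gleam standard library and `gleam_erlang`.

```gleam
// Added example (not from the original page). Demonstrates rule 2 (custom type
// constructors that enforce invariants) and rule 3 (secrets from the environment).
import gleam/erlang/os
import gleam/io
import gleam/result
import gleam/string

/// Opaque: code outside this module cannot build a Username directly, so every
/// Username that exists in the program has already passed `username_from_string`.
pub opaque type Username {
  Username(String)
}

pub type ValidationError {
  Empty
  TooLong(Int)
  InvalidChar(String)
}

// Assumed limit for this example.
const max_len = 32

/// Parse untrusted input once, at the boundary. Rejects empty, over-long and
/// non [a-z0-9_] values so handlers downstream never have to re-check.
pub fn username_from_string(raw: String) -> Result(Username, ValidationError) {
  let trimmed = string.trim(raw)
  let len = string.length(trimmed)
  case trimmed {
    "" -> Error(Empty)
    _ if len > max_len -> Error(TooLong(len))
    _ ->
      case first_invalid(string.to_graphemes(trimmed)) {
        Ok(bad) -> Error(InvalidChar(bad))
        Error(Nil) -> Ok(Username(trimmed))
      }
  }
}

/// Unwrap a validated Username when it is needed as plain text (logging, SQL
/// parameters, templates).
pub fn to_string(username: Username) -> String {
  let Username(inner) = username
  inner
}

// Returns the first grapheme outside the allow-list, or Error(Nil) if all pass.
fn first_invalid(chars: List(String)) -> Result(String, Nil) {
  case chars {
    [] -> Error(Nil)
    [c, ..rest] ->
      case is_allowed(c) {
        True -> first_invalid(rest)
        False -> Ok(c)
      }
  }
}

// Allow-list rather than deny-list: only lowercase ASCII letters, digits and '_'.
fn is_allowed(c: String) -> Bool {
  string.contains("abcdefghijklmnopqrstuvwxyz0123456789_", c)
}

/// Read a secret from the environment at startup. A missing variable is an
/// error the caller must handle; there is deliberately no fallback credential.
/// The variable name DB_PASSWORD is an assumption for this example.
pub fn load_db_password() -> Result(String, String) {
  os.get_env("DB_PASSWORD")
  |> result.replace_error("DB_PASSWORD is not set")
}

pub fn main() {
  case username_from_string("  alice_01 ") {
    Ok(u) -> io.println("accepted: " <> to_string(u))
    Error(_) -> io.println("rejected")
  }
  case username_from_string("alice; DROP TABLE users") {
    Ok(_) -> io.println("should not happen")
    Error(InvalidChar(c)) -> io.println("rejected on character: " <> c)
    Error(_) -> io.println("rejected")
  }
  case load_db_password() {
    Ok(_) -> io.println("database password loaded from environment")
    Error(msg) -> io.println("startup error: " <> msg)
  }
}
```

Because the type is opaque, a handler that takes a `Username` parameter cannot be handed an unvalidated string by mistake; the compiler enforces that validation happened. The same pattern applies to any boundary value (email, path segment, tenant id), and `to_string` is where such a value would be passed as a bound parameter to `gleam_pgo` or `sqlight` rather than concatenated into the query text.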