932: Vibe Coding’s Huge Problem

Syntax - Tasty Web Development Treats

Wes Bos

Js, Technology, Css, Html5, Tech News, Webdevelopment, News, Javascript, Html

4.9 • 1.1K Ratings

🗓️ 27 August 2025

⏱️ 23 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Wes and Scott talk about the dangers of vibe coding when it comes to authentication and access control. They share real-world examples of security fails, discuss how to avoid client-side-only checks, and offer practical tips for protecting sensitive user data in your apps. Show Notes 00:00 Welcome to Syntax! We build the world’s most painful CAPTCHAs (Kitboga scammers) 02:08 Brought to you by Sentry.io 02:33 Wes’ vibe coding experience Wes’ app 04:38 The Tea app disaster Tea app 07:45 Don’t vibe code access control Better Auth with Better Auth 09:38 Let in, don’t lock down 11:23 Server vs. client-side code 13:46 Visualize access control 15:30 Automate tests 17:00 Sick Picks + Shameless Plugs Sick Picks Scott: A City on Mars Wes: Hotel Collection Essential Oils Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Transcript

Click on a timestamp to play from that location

0:00.0	Welcome to syntax. Today we're talking about vibe coding. It has a serious problem.
0:06.1	Specifically around, I think vibe coding has a lot of problems. And I'm saying that as somebody who
0:11.3	likes to vibe code as much as the next guy. But I'm saying vibe coding has no problems and is
0:17.0	excellent just so that the comments are balanced on this one. There we go.
0:21.1	Okay.
0:23.6	So there's obviously a lot of problems,
0:27.0	but today I want to specifically talk about something that has hit me and something that hit a major website, that T app.
0:29.7	And that is authentication and access control on vibe coded things.
0:34.8	And I think that we are about to see a wave of security issues pop up.
0:40.6	And I want to talk today about what those problems are and how you, the brain dead vibe coder,
0:47.3	can solve these things or how I think you should be actually approaching access control
0:53.3	in apps that you're building.
0:55.2	So what's up?
0:55.9	My name is Wes Boss.
0:56.9	I am the winner of the Kidaboga Code Jam.
1:01.5	If you didn't catch it yet, we all built CAPTCHAs.
1:05.7	And we have a video on the syntax YouTube channel about the worst CAPTCHAs you could ever build.
1:11.9	Kidoboga is a YouTuber who scams scammers. And what he does is he has his VM and that he just has these
1:18.9	hilarious captions. And we all built a couple captures for it. And mine was the winner because it was
1:25.2	the best voted by him, Kitaboga.
1:29.1	Um, Kit Boga. Why don't I say Kit Aboga? There's no A in there.
1:32.7	Kit Boga. That's always, it's always fun. Yeah. If you haven't seen that video,
	...

Transcript will be available on the free plan in 23 days. Upgrade to see the full transcript now.

Previous episode

Disclaimer: The podcast and artwork embedded on this page are from Wes Bos, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Wes Bos and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.