09 - Security and Hardening
Security is a core Tauri advantage only if configured correctly.
Core principles
- Least privilege permissions
- Strict input validation
- No blind trust between UI and backend
- Defense in depth (CSP + command validation + safe defaults)
Hardening checklist
- Restrict permissions in capability config
- Use strict Content Security Policy
- Disable unused APIs/plugins
- Validate every command parameter
- Avoid
unwrap()in security-sensitive paths
Example threat model
| Threat | Mitigation |
|---|---|
| Malicious path input | Canonicalize + enforce allowed directories |
| Script injection in UI | CSP + output encoding |
| Unsafe shell command | Fixed command allowlist + argument validation |