(no title)

We also encourage people not to use Hoodie in production, yet :)

What @gr2m means: there is no reason Hoodie’s mail feature would work any different from a traditional web app. At some point a server side will validate a client request, and if valid, translate that into sending an email (Gmail comes to mind). Hoodie’s email plugin can do exactly that, except that today’s implementation is a mere sketch of that, like other parts of Hoodie, that show what can be done, but aren’t hardened against production use, yet. None of that means though that Hoodie behaves any differently from a security/abuse/DOS perspective than any other web app :)

To be fair they are still working on 0.x, they probably don't recommend the whole thing to be used in production (although I personally wouldn't mind for some specific projects...). At this stage, I understand they just want to showcase some cool stuff. This being said, we should always be really careful about security when using dependencies, especially when it's in beta, and especially when mostly everything is done client side. It would be also nice if something more explicit was mentioned on the hoodie website. Like the last release version for example (0.x).

Our goal is to lower the barrier of entry to build fully capable applications. While using the simple email plugin is not a good idea in a production app, there is no problem to use it with an app that runs on your computer only, or in your companie's intranet.

I know this is nightmare to system architects / backend developers at first sight, but trust us, we know exactly what we are doing. We have excellent architects on our team, you just might not be our primary target group here.

But thanks for your feedback, much appreciated!