Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/VolkanSah/GPT-Security-Best-Practices

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.
https://github.com/VolkanSah/GPT-Security-Best-Practices

ajax ajax-request chatgpt chf code-security html js php security security-risks server-side serverside-rendering vulnerabilities vulnerabilities-fix

Last synced: about 1 month ago
JSON representation

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.

Awesome Lists containing this project

README 

        
# GPT Security Best Practices



[Source of this GPT Security Best Practices](https://github.com/VolkanSah/GPT-Security-Best-Practices/) look for updates before you use these tips if it is forked!



As an AI language model enthusiast, I often find myself alarmed by the way sensitive data is carelessly handled in various applications. While the excitement around GPT is understandable, the improper handling of sensitive information poses significant challenges for administrators and security professionals managing servers rented by clients. This document aims to provide best practices for securely implementing GPT in web applications to prevent security vulnerabilities and protect sensitive data.



## Table of Contents

- [Introduction](#Introduction)

- [Security Risks and Vulnerabilities](#Security-Risks-and-Vulnerabilities)

- [Using Environment Variables in PHP](#Using-Environment-Variables-in-PHP)

- [Best Practices for Implementing GPT](#Best-Practices-for-Implementing-GPT)

- [Choosing the Appropriate API Endpoint](#Choosing-the-Appropriate-API-Endpoint)

- [Code Example](#Code-Example)

- [Credits](#Credits)



## Introduction

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing GPT in web applications and to provide best practices for mitigating these risks.



## Security Risks and Vulnerabilities

- Storing sensitive data in JavaScript

- Exposing API keys and request URLs in the browser console



1. Use server-side languages like PHP for handling sensitive data and functions

Instead of using JavaScript to handle sensitive data, use server-side languages like PHP. This will keep the data secure and away from the client-side, where it could be accessed through the browser console.



```php

load();

```



Access the API key from the environment variables:



```php

 'gpt-3.5-turbo',

    'messages' => $messages

  );



  curl_setopt($ch, CURLOPT_URL, $request_url);

  curl_setopt($ch, CURLOPT_POST, 1);

  curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));

  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

  curl_setopt($ch, CURLOPT_HTTPHEADER, array(

    "Content-Type: application/json",

    "Authorization: Bearer $api_key"

  ));



  $response = curl_exec($ch);

  $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

  curl_close($ch);



  return array('response' => $response, 'httpcode' => $httpcode);

}

```



Call the send_chat_completion_request() function and process the GPT API response:



```php

 'system', 'content' => 'You are talking to a helpful assistant.'),

  array('role' => 'user', 'content' => $inputText)

);



$result = send_chat_completion_request($api_key, $request_url, $messages);



if ($result['httpcode'] == 200) {

  $json_response = json_decode($result['response'], true);

  $assistant_reply = $json_response['choices'][0]['message']['content'];



  // Return the response to the front-end

  echo $assistant_reply;

} else {

  // Handle error cases

  echo "Error: " . $result['response'];

}

```



This example shows how to use the /v1/chat/completions endpoint with the gpt-3.5-turbo model. The send_chat_completion_request() function sends a request to the API with the input text and receives the generated response. The assistant's reply is then returned to the front-end.



## Other Note

Additional resources and notes that might be helpful for understanding and implementing the best practices mentioned in this document.



- [Secure Implementation of Artificial Intelligence (AI)](https://github.com/VolkanSah/Implementing-AI-Systems-Whitepaper/tree/main)



### Credits

S. Volkan Kücükbudak



- ## Your Support

If you find this project useful and want to support it, there are several ways to do so:



- If you find the white paper helpful, please ⭐ it on GitHub. This helps make the project more visible and reach more people.

- Become a Follower: If you're interested in updates and future improvements, please follow my GitHub account. This way you'll always stay up-to-date.

- Learn more about my work: I invite you to check out all of my work on GitHub and visit my developer site https://volkansah.github.io. Here you will find detailed information about me and my projects.

- Share the project: If you know someone who could benefit from this project, please share it. The more people who can use it, the better.

**If you appreciate my work and would like to support it, please visit my [GitHub Sponsor page](https://github.com/sponsors/volkansah). Any type of support is warmly welcomed and helps me to further improve and expand my work.**



Thank you for your support! ❤️