Before I spend time figuring out the solution to this predicament, was wondering if anyone else already has a solution:
A long standing annoyance with Glide is race condition vulnerabilities due to lag (regardless of the data source).
Let’s say I have an app that allows users to spend points on digital goods. Often, these vulnerabilities will allow users to spend points that they don’t have because Glide might not calculate the spending of points fast enough and in turn allows users to spend points for the same item more than once and cause the user to go into negative points.
This vulnerability is more obvious if the user is signed into multiple devices and attempts to spend points from the two devices simultaneously.
I imagine some sort of request → webhook → verify funds → clear request system might work, but it might also be update-intensive AND might introduce new race condition vulnerabilities related to request verification, etc.
Thoughts?
I would not call this a vulnerability, as visibility conditions in Glide are not a security feature. They are just aesthetic. Even row owners would not solve this issue since the problem lies in concurrent updates rather than unauthorized access. Additionally, row owners would only give access or not.
Glide operates on a sync-based model rather than real-time transactions, which means race conditions like this are expected in scenarios where multiple devices can trigger updates simultaneously.
A workaround would be to implement a request-queue system using a webhook to verify and process transactions sequentially, but as you mentioned, that introduces additional update delays and potential new race conditions. Ultimately, it is a limitation of Glide’s architecture rather than a security flaw.
I had too long to say so I wrote it in French in ChatGPT to translate while using poetic words 
Ya, I never mentioned that this limitation is a security flaw, so maybe vulnerability is the wrong word to use. Perhaps just simply “race condition” suffices.
2 Likes
Assuming you can’t use SQL in the database, and a button is triggering the action for using points, could you use a ‘wait’ condition when the user pushes the button and then set a visibility condition to the button 'if users ‘points’ < 0.
Assuming each user has a ‘points’ column.
2 Likes
I did something to prevent double click a button but I don’t think 10 ms between 2 clicks would be enough. I need to try that!