Anonymous users - restricting access

Hello

Keen to hear anyone's thoughts on this.

My app currently has two types of users - signed in and anonymous.

Anonymous users can only view the app, signed in have full CRUD access.

I would like a way of anonymous / not signed in users to have to enter a password (not their email) so that the app is not completely open to anyone who has the link.

I’ve set up an app (link below) to use as a test - and would love some thoughts.

It simply asks an anonymous user to enter a password into a user specific field. It matches the password entered with a list of passwords in a table - if the password matches - access is given. Depending on which password is entered, they are given a specific list of events for that password.

Again - I know this is not massively secure, but it is better than nothing. Also aware that a browser refresh means that the user needs to enter the password again.

I would share the password with anyone needing access to the site. Of course I have no idea who is logging in - but that is not vital.

Thoughts welcome before I use it in anger!

Thanks in advance.

Andrew

1 Like

I think it depends how important it is that data is kept secured. As I’m sure you are aware, any anonymous user that was sufficiently skilled and motivated could potentially gain access to your full list of passwords (and any other data that isn’t protected by Row Owners). If you don’t care about that risk, then…

The other thing is it is possible that this is a violation of Glide's Terms of Use. I’m not 100% sure of that, and it could be a bit of a grey area, but you should check that out to be sure.

2 Likes
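As an added illustration (not code from the thread and not a Glide feature), the sketch below shows the same shared-password gate with each password stored as a salted PBKDF2 hash and checked on the server side, so reading the table no longer reveals the passwords. The table layout, function names, iteration count and sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)

# Weak layout described in the thread: cleartext passwords in a table.
# Anyone who can read the table learns every password. (Constructed sample data.)
PLAINTEXT_TABLE = [
    {"password": "spring-fair-2024", "events": ["Spring Fair"]},
    {"password": "agm-guests", "events": ["AGM", "Dinner"]},
]


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from the password and a per-row salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def harden(plaintext_table):
    """Convert cleartext rows to rows holding only a random salt and derived hash."""
    rows = []
    for row in plaintext_table:
        salt = os.urandom(16)
        rows.append({
            "salt": salt,
            "hash": _derive(row["password"], salt),
            "events": list(row["events"]),
        })
    return rows


def events_for(password: str, table):
    """Server-side check: return the event list for a matching password, else None.

    Every row is checked with a constant-time compare, so the response time
    does not reveal which row (if any) matched.
    """
    matched = None
    for row in table:
        if hmac.compare_digest(_derive(password, row["salt"]), row["hash"]):
            matched = row["events"]
    return matched


# Hardened table: same access rules, no cleartext password stored anywhere.
HASHED_TABLE = harden(PLAINTEXT_TABLE)
```

Hashing only helps if the table and the check stay somewhere anonymous clients cannot read, because short shared passwords can still be guessed offline from leaked hashes.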

Thanks Darren - good point re terms of use.

Not too concerned about security - in this use case.

1 Like

The approach described - allowing anonymous users to access the app by entering a shared password (not tied to an email or identity), with the password checked against a list in a table - violates the following specific section:

Terms of Service | Glide

Section: 4. Applications and User Data

As further set forth in the User Data Rules and Restrictions, available at glideapps.com/legal/user-data, you are not permitted to Process certain types of User Data in connection with your use of the Services. … Any violation of the User Data Rules and Restrictions will be deemed a violation of this Agreement and is grounds for termination of your right to use or access the Services.

This section states that violating the User Data Rules and Restrictions (such as storing unencrypted passwords) is also a direct violation of the Terms of Service.

User Data Rules and Restrictions | Glide

Section: Prohibited Types of Data

  1. Unencrypted passwords and other login credentials, such as authentication tokens.

The post describes storing a list of passwords in a table and matching user input against this list. This means unencrypted passwords are being collected, stored, and processed within the Glide app. Glide’s User Data Rules and Restrictions explicitly prohibit collecting, uploading, storing, transmitting, displaying, modifying, or otherwise processing unencrypted passwords in any application created using Glide.

1 Like

Thanks for clearing that up!

Just to be sure - I was not trying to avoid having to have too many users - it is just not practical in this use case to give everyone an account as they 1) Only need to view data and 2) would only need to access it very occasionally.

But I can see it is against the policy - Good to know it works though!

Thanks again
Andrew

1 Like