I’m building an app for a school.
They want to be able to handle the application process through the app.
Then once they applicant is accepted they should be able to submit additional information and documents (that will be added to their already submitted information) to complete the registration process.
The school wants this to be possible without the applicant needing to login.
What’s the best way to handle this in Glide?
This is the current setup but I have my doubts about it…
I made the app optional signin.
I created a custom link that gets sent to the applicant once they finish filling the application. It’s basically the detail screen of their row ID that has buttons that based on them meeting certain conditions (like being accepted) they will be able to open and submit different information that adds to their existing row.
I wasn’t sure if this is secure enough.
It’s not very quick to create more advanced forms and manage the conditions that show different parts of the page at different point in the process.
Is there a better or more recommended way to handle this in glide that’s secure and easy to maintain and update?
Using the row ID directly is definitely a red flag for security; it is often predictable, so someone could guess another applicant is link.
The better approach is to generate a unique, non sequential token (like a UUID) for each application and store that value in a column. Use that token as the parameter in your custom link; it is much harder to guess and makes the process far more secure.
RowID’s are not easily guessable. Maybe not quite as unique as a UUID, but still would takes centuries to crack it. Your bigger concern with a public app is that anyone can snoop the data if they know how to do it, because there is a large chance that that all that data is synced to a user’s device. Using Row Owners and authentication prevents that.
Is there a way to have forms submitted, keep information private and secure without requiring a login? Or would I need to approach this by using an external tool to host the forms and then send the data to glide?
The administration needs to manage the registration and approve the forms that are being sent in but the students applying and registering do not need to sign and we don’t want to require that just for them to complete an application form.
So can you have users adding information to their existing row from the public facing app and still have it be secure? Or is there a better approach? That’s what I’m trying to figure out…
You can apply row owners to the table where the data is being submitted, but as soon as the user submits the form, they no longer have access to it unless they are signed in. Based on you wanting to allow users to add additional information later, this may become difficult to manage unless you find a different way.