Application & registration process without requiring a login

Ask for Help
1

I’m building an app for a school.
They want to be able to handle the application process through the app.
Then once they applicant is accepted they should be able to submit additional information and documents (that will be added to their already submitted information) to complete the registration process.

The school wants this to be possible without the applicant needing to login.

What’s the best way to handle this in Glide?

This is the current setup but I have my doubts about it…
I made the app optional signin.
I created a custom link that gets sent to the applicant once they finish filling the application. It’s basically the detail screen of their row ID that has buttons that based on them meeting certain conditions (like being accepted) they will be able to open and submit different information that adds to their existing row.

  1. I wasn’t sure if this is secure enough.
  2. It’s not very quick to create more advanced forms and manage the conditions that show different parts of the page at different point in the process.

Is there a better or more recommended way to handle this in glide that’s secure and easy to maintain and update?

Thanks in advance!

2

Using the row ID directly is definitely a red flag for security; it is often predictable, so someone could guess another applicant is link.

The better approach is to generate a unique, non sequential token (like a UUID) for each application and store that value in a column. Use that token as the parameter in your custom link; it is much harder to guess and makes the process far more secure.

3

RowID’s are not easily guessable. Maybe not quite as unique as a UUID, but still would takes centuries to crack it. Your bigger concern with a public app is that anyone can snoop the data if they know how to do it, because there is a large chance that that all that data is synced to a user’s device. Using Row Owners and authentication prevents that.

2 Likes
4

This is a nice approach:

  1. Before the sign-in, the content is public and accessible to all
  2. After the sign-in, data can be associated with the signed-in user and is therefore private.

I don’t think you could have private data without a sign-in.