We’ve established that employing Row Owners or User-Specific Columns is crucial for safeguarding our application and preventing data exposure. However, I’m curious about how we can assess what becomes exposed when we don’t utilize Row Owners or User-Specific Columns.
Could someone please suggest a method to effectively test and verify this scenario?
It’s quite complex to dig into the code and cached data, but the people that know how to do it are are people you need to worry about the most. It’s not as straightforward as just looking at something and saying, “oh there it is”. It takes a bit of digging and debugging to find it.
Just remember that all data not protected my Row Owners, User Specific columns, or Private user access, is downloaded and cached on the end user’s device. Always assume that data that is not protected can be accessed by an unintended target. Simple filtering or visibility controls will not protect your data as that is all computed once the data has already been sent to the device.
It’s not about how hard it is to find and access the data. It’s about not making the data accessible in the first place. I think it’s a lot easier to just be mindful of that fact instead of trying to figure how to do it. I’m not a hacker by any means, but I’ve done some digging and found things when looking at the code and cached data. Now imagine what someone can do when they actually have the necessary skills.
Thank you for the insights. Although, I understand that this it not ideal to go looking for this, I was hoping someone could share or refer me to where I can try it out for myself. Sometime seeing it believing.