Hello all, can anyone let me know if the below would be production safe ? I think so just wanted to clarify
Goal, sales person sends a customer a deal proposal, which they have to apply for with details such as address history etc, when they apply the date lands back in the sales persons glide apps
The plan, and the are of potential concern is this
When the sales person sends their proposal the quote goes to a glide table linked to their app. Then the customer gets a URL parameter link referencing that row to pull data to screen (no confidential data in the original row
) just product and price / payment plan
Then the user submits a form to submit which uses glide API to populate another table in the sales person app.
The only table linked to the customers glide all is the product quote which will be a few columns of basic info, again, nothing sensitive
Another key factor here is the customer would not be logged in
Alsoto note, the URL parameter such as an uid, if the uid was copied or found my other people there is no detrament effect as the row id is not linked to the customers
To note here the form will make some API calls and ideally have pagination so maybe another table in app to handle page number etc but all columns are āspecificā user columns, I cannot remember the name of the tick box when you make a column
Always assume all data in the tables used by the app will be downloaded to the userās device regardless if they visibly see it or not. Itās still stored on their device and can be found if the they know how to look for it. The exception would be if Row Owners are applied, which doesnāt seem to be in your case. If you donāt have any problems with that quote data being physically stored on user devices, then you should be fine.
I donāt know exactly how you are handling your form, but it sounds like you are obtaining PII from the user before sending it through the API. If those form values are stored in a table used by the app, then it can potentially end up on other user devices. If you are storing that PII data in user specific columns, then you may be fine, because user specific data is only stored temporarily for the duration of the session when a user is not signed in. User specific columns are safe because no two users will ever see shared data in those columns.
If you want a better answer, you may need to explain your form process in more detail to make sure PII isnāt being stored somewhere in basic columns.
Hi Jeff, I guess to dive a little deeper, the source data for quotes can even just be URL parameters and not link to a table, it is just a case of product id and value thats all.
now the actual form for the end user , as I dont wish to have the user sign up (Due to expensive monthly user fees for a one time order), I was going to have a 1 row table which i call ācacheā
in this table is all the fields needed for the form to function, such as entering the users postcode which they will use in an address lookup to populate full address.
All fields in this cache row will be user specifc columns like below (different app, no pii)
after that, rather than adding the form submission to a row and potentially having a pii based data source connected to the app i wil use glide api to add it to another table. which is this case is also easier due to 100+ columns to complete in the form.
Yeah, as long as you are calling the Glide API in a secure way (not using the JavaScript column as to expose your keys), then you should be good from what I can see.
