I have a glide app that requires users to sign in to see and edit their account information page. But I can copy and paste the URL from that page - and it can be viewed by a user that is not signed in. How do I secure the URL of certain pages so they cannot be shared?
Is this a public app or a public with email app? Do you have to sign in to access the app at all, or can sign in occur after the fact? If the app is requiring sign in to access the app in the first place, then something doesn’t seem right.
If an app is requiring a user to sign in, then it should still require the user to sign in when following a deep link. The only time it wouldn’t, would be if they are already signed into the app. Are you 100% sure that no user is already signed in when they follow a deep link?
If, on the other hand, it’s a public app, and the data is not protected behind Row Owners, then there is no assumption of security. Simply hiding data behind filters or visibility is not a secure method of protecting data, because all of that data has already been downloaded to the end user’s device. The only guaranteed way to protect data is to either use Row Owners, or make the app private and accessible by a whitelisted list of people.
2 Likes
This is an app that eventually you sign into. There are public pages that we want visible. Then, when the user needs access to visibility-controlled pages - they are required to sign-in. (I’m simply changing the visibility of a button that takes them to that page. if no email then no visibility.)
Thanks for the info Jeff. I will look into the Row Owners option.
1 Like
yes- row owner worked. I simply changed the column “@email” and selected “turn on row owner” . And this is project-specific. I also have a glide “page” for administrators that uses the same data sheet. “row Owner” is activated only on the app that the public sees.
3 Likes
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.