-
A Private Pro App, just like a Pro App with the Public with Email option, will authenticate the same way. So the user will enter their email and receive a one time use PIN to authenticate themselves to the app. Authentication cookies are then stored on the user device until they sign out or you choose to not store authentication cookies. Private Pro adds the option of whitelisting only the emails that you want to have access to the app. It’s like 2FA, but without a password.
-User rights can all depend on how you set up to app. It’s easy to do by setting a role for the user in the user profile table, and then conditionally hiding or showing Add/Edit options based on the signed in user’s role.
-A user only authenticates to a single app. -
I would say that the data stored on glide servers and/or google sheets is secure as long as nobody other than the developer has access to it. Where you have to be careful is what data is actually downloaded to a user’s device. First of all, data will not be downloaded until a user is authenticated and signs into an app. So if an app is Public or Public with Email, then anybody can access the app and anybody can sign in, which will download available data. Private apps will restrict who can even sign into the app, so only those that have access to sign in will have data downloaded. Now, I will say from experience that once a user is in an app, a savvy user can find ways to access and see that data. Now that’s not saying that all data is available. If you apply and use Row Owners properly, then you can restrict the data in a particular table so a signed in user will only download the data that they own. Don’t purely rely on visibility conditions and filters. They may hide the data from the forward facing app screens, but the data is still there on the user’s device. Only Row Owners will guarantee that a user will only see the data that they own, because only their own data is downloaded.
-Images and files stored in glide are a bit of a gray area. I believe the images and files are publicly accessible if the url is known, but the urls are very hard to “guess”.
-I wouldn’t worry about users maliciously manipulating data if they haven’t been granted access in the app to make changes. At least I have never heard or seen any cases of that. I would recommend the following documentation along with the T&C and Privacy Policy to learn more:
Security & User Data - Glide Library
Terms of Service • Glide
Privacy Policy • Glide -
To the best of my knowledge, data is encrypted when it is in transit between the server and the app but unencrypted on the user device so it is accessible to the app. It may be possible that data is cached on a user device in the browser cache.
Encrypt data - #4 by david -
I guess this depends on how you are accessing your third party database. If it’s via something like a webview or a computed column, then no I don’t believe glide themselves would have access to the data. Things like that would be rendered and displayed directly on the user device. Like all computed columns, webviews, images, etc, all of that is rendered on the end user device. Storage is another matter, if you are storing data in your glide table or google sheet in basic columns…and it’s sourced from your third party database somehow, then the glide servers would have access to the data. I guess it really depends on how you intend to access the third party database and if those access methods are secure in and of themselves.
I’ll just throw in a disclaimer that all of this is to the best of my personal knowledge. I will not guarantee the accuracy of my comments above. This is only what I have perceived over the past few years of using Glide. I would advise contacting Glide directly if you have specific questions regarding privacy and security. I personally believe that they have taken necessary security precautions and performed necessary security audits to stay compliant, but only they can confirm that.