How difficult is it to view "hidden" tabs?

Hi everyone,

I’m currently working on a Glide App that has become quite complex due to the platform’s limitations. Early on, I encountered issues with using Row Owners as intended for my data structure. Even Glide support confirmed that it wouldn’t work as expected in my case. As a workaround, I had to hide several navigation tabs using visibility logic.

Now, I’m reconsidering this approach and wondering how easy it would be for users to manipulate the code and access those hidden tabs. Although my app is for internal use and serves about 50 users, I’m still concerned about potential security risks.

Could anyone share their thoughts or experiences on this? I’d really appreciate your insights.

In order to access a hidden tab, a user would need to know (or guess) the direct URL of that tab. It might also be possible to discover hidden tabs by using browser inspection tools; I’m not sure about that. @Jeff_Hager might be able to provide more insight.

1 Like

Well, as a very basic test that’s easy to try yourself, even if you know the URL of a tab that’s been hidden using visibility conditions, Glide will not render the tab and still redirect you to the first available tab, so that proves you can’t manipulate your way using the URL alone. It would take time to dig and confirm, but I feel reasonably confident that at least that part is handled server side, so impossible to manipulate.

It’s been a long time since I’ve dived deep into an app to see what can be accessed client side. Very time consuming. Long story short, I always assume one way or another that it’s possible to find values from tables that are not protected by row owners. Is it easy? Probably not. I’m also not remotely close to being a hacker. Just a software engineer that knows enough to do my day job. But just know that table data is downloaded to a user’s device, and if that data is not protected behind an authentication screen or row owners, then the potential is there for someone with enough knowledge to scrape some info if those tables are used one way or another by the app.

I think Glide has increased security quite a bit over the years, and their SOC audits verify that. I think these days you are pretty safe if you do your part to follow best practices for securing data.

2 Likes