How to securely have tabs for not signed-in users and signed-in ones?

Hey, guys!

Ok, so now I have my app up and running, people are using and loving it!
That said, the time has come when I need to work on a landing page and other informative/marketing tabs for those who aren’t yet users and are visiting my site to decide whether they want to sign up or not.

I wanted to use the same app built here on Glide to host those not-sign-in-user-tabs (landing page, informative, marketing tabs) and the already working only-sign-in-users tabs (the real app). To make that work I’m thinking of doing these steps:

  1. settings → privacy → access → ‘anyone with the link can access’
  2. settings → privacy → sign-in → ‘optional sign-in’
  3. settings → privacy → users → ‘users table’

This way I allow anyone to reach my site/app, but via users table I can control who can sign in or not; who is a user and who is not.
That done, I can set tab’s visibility to “email is signed-in user” for the tabs that are a part of the working app and “email is not signed-in user” for the landing page and marketing tabs.
I made some tests and it seems to work, but now I’m worried about data security. It just crossed my mind that using visibility controls to show specific tabs for signed-in and not-sign-in-users may work just like filters and not be data-safe, meaning that someone who is not signed in is still having all the “signed-in” data downloaded to his/her device.

Is my concern about that security valid? Am I missing something? Do you guys have any suggestions?

Thanks in advance for your time reading this giga and complex topic :smiley:

Hello @Werther,

From what I understand, you are definitely on the right track to allow access to certain parts of the app in terms of displaying the data. I would also suggest activating the option “Access Request” under Settings → Users & Authentication to be able to see who wants to access the app and add them to it. Otherwise the work would need to be manual, as if people try to sign in and their email is not on the users table it would be rejected, with no way for you to know, but with the request you could see who wants to sign in and add them as users.

On the security aspect of the data being accessed, you are correct in having that concern, as visibility is not a security feature, it only filters information.

To have your data secure, you need to go into the tables and set row-owners to the data you want to display and to whom.

Here is the documentation on this aspect:

By doing this you actually protect the data from being downloaded to the device being used by the users. The tabs display information from the tables, so this is the foundation to have the information secure, then simply add the visibility feature on top of it as you were doing.

Hope this helps!

2 Likes
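
A small model of the difference described in the answer above, added here as an illustration and not taken from the thread or from Glide. It assumes a hypothetical sync step that decides which rows reach the device; every function name, email and row is constructed.

```javascript
// Conceptual model only: not Glide's code or API. Names and rows are constructed.
const rows = [
  { id: 1, owner: "ana@example.com", note: "Ana's invoice" },
  { id: 2, owner: "bob@example.com", note: "Bob's invoice" },
];

// Approach A: visibility only. Every row is sent to the device, and the
// client decides afterwards what to draw.
function syncVisibilityOnly(table, viewerEmail) {
  return table.map((r) => ({ ...r })); // viewerEmail is never consulted
}

// The tab's visibility condition, evaluated on the device.
// viewerEmail === null models a visitor who has not signed in.
function renderTab(payload, viewerEmail) {
  return payload.filter((r) => viewerEmail !== null && r.owner === viewerEmail);
}

// Approach B: row owners. Rows are dropped before they leave the backend,
// so only rows owned by the viewer are ever delivered.
function syncWithRowOwners(table, viewerEmail) {
  if (viewerEmail === null) return [];
  return table.filter((r) => r.owner === viewerEmail).map((r) => ({ ...r }));
}

// Rows present in the delivered payload that do not belong to the viewer.
// This is what matters for data safety, regardless of what the UI shows.
function rowsNotOwnedByViewer(payload, viewerEmail) {
  return payload.filter((r) => r.owner !== viewerEmail);
}

function report(viewerEmail) {
  const a = syncVisibilityOnly(rows, viewerEmail);
  const b = syncWithRowOwners(rows, viewerEmail);
  return {
    shownWithVisibility: renderTab(a, viewerEmail).length,
    exposedWithVisibility: rowsNotOwnedByViewer(a, viewerEmail).length,
    shownWithRowOwners: renderTab(b, viewerEmail).length,
    exposedWithRowOwners: rowsNotOwnedByViewer(b, viewerEmail).length,
  };
}

console.log("anonymous:", report(null));
console.log("ana:", report("ana@example.com"));
```

In both approaches the tab shows the same rows; only the delivered payload differs, which is why visibility is layered on top of row owners rather than used instead of them.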

Thanks big time, that’s it!
