Is a secure display password possible with the public-sign-in app?

Do you think the mechanism displayed by the value entered in the “Text Input” column of “User Specific” is completely unsafe?
Can a person with inspection knowledge find the keywords of the following apps immediately?

Is it possible to inspect an app and discover the values of User Specific columns entered by other users?
I would say no, it’s not possible. The values in User Specific columns (as the name suggests) are specific to each user (if they are logged in) or to each device (if they are not). So those values only exist for the user/device that is viewing the app.

The same applies with row owners. When row owners are applied, any data that doesn’t “belong” to the signed in user is not downloaded, so it can’t be discovered. You can’t discover something that isn’t there :wink:

For everything else, yes, if you know where to look you can find it.

3 Likes

Thank you @Darren_Murphy
So, could you see the keywords in the “Visibility” app I presented?

I didn’t look for anything. But what do you mean by keywords?

The app is set to display images and Hint with a specific keyword / password. It uses Visibility and Filter.
I would like to know if the keyword can be seen by others.

Oh, right.
I’ll defer to @Jeff_Hager for that. He knows better than I do where to look.

2 Likes

I spent a little time looking at this. It seemed to be harder than usual to get to the data. Not sure why. However, I could find “a few of my favorite things”, but I wasn’t able to figure out what to type in the text entry to get them to show up.

1 Like

Thank you Jeff.
What I wanted to try was whether “VISIBILITY” or “FILTER” would work with a specific password.
★ The correct password is set to “25”.
★ Enter “25” in the text entry to display the Hint and Inline List.

★ The sign-in style is “public”.
★ This time, we have set 4 lines of data including images.
★ Calculate (divide) the number assigned to each data with a password.
★ “If-Then-Else” returns “true” only for a specific calculation result.

By the way, do you think this mechanism can be used as a password to some extent?

Just to give you an idea, data is accessible…especially on public apps and on public with email apps after any user has signed in. I had some trouble with your app and I’m not sure why. Usually I can directly access the data in a nicely formatted way, but in a couple of apps lately I’ve had more trouble getting to that nicely formatted data. I’m not sure if that’s due to changes from Glide, or just the way some apps are structured. However, I did find a roundabout way to see some of your data. This is some of what I could see without knowing your password. Maybe I would have been able to figure it out if I spent some more time inspecting the data, or if I could figure out the normal way I have accessed data in the past.

I think what you are demonstrating is a way to obscure how a password is stored. The problem is that all of the data is still accessible regardless of whether your password is entered or not, so password protecting it is not very useful. At that point, all of the data is already on my computer to take a look at. Someone could eventually figure out your methods of obscuring your password by inspecting the data, or they could brute force attack your password textbox using dictionary methods to eventually figure out what the correct password is. Only proper Glide authentication and Row Owners would guarantee that data is properly secure.

I have given some thought to creating a non-Glide authentication system using SHA-256 hashing, which would obscure the password, but in no way would it protect the data itself because all data would still be downloaded to a user’s device. Also all of the hashed passwords would be downloaded and accessible by all users, so I’m sure they could be reverse engineered.

In the end I think the only safe authentication would be to use Glide’s built-in authentication and data security methods. I don’t believe us users could ever create a homemade authentication method that would be reliable, secure, and properly secure the data using Glide. The way Glide is currently designed to work doesn’t allow for us to attempt to circumvent the built-in authentication and security that Glide provides for us.

And just to give you an idea of my skill level…I am a developer by day, but I am not at all a hacker. All I know is from existing experience as a web developer as well as some key things to look for that others have shared with me. Just imagine what a real hacker could find…

4 Likes
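Added example, not code from the thread or from Glide: a small model of the divide-and-compare visibility check described above, written as the review an app builder could run on their own design. It shows that a check evaluated on already-downloaded rows hides nothing, and how owner-based filtering before download differs. The column names, the row numbers and the e-mail addresses are constructed; only the password "25" comes from the thread.

```javascript
// Constructed sample: the rows a public app's client holds after loading.
// Column names, numbers and e-mail addresses are assumptions for illustration.
const downloadedRows = [
  { assigned: 50,  expected: 2, hint: "Hint 1", owner: "a@example.com" },
  { assigned: 75,  expected: 3, hint: "Hint 2", owner: "a@example.com" },
  { assigned: 100, expected: 4, hint: "Hint 3", owner: "b@example.com" },
  { assigned: 125, expected: 5, hint: "Hint 4", owner: "b@example.com" },
];

// The thread's scheme: divide each row's number by the text entry and show
// the row only when the If-Then-Else result matches. It runs on the client.
function visibleRows(rows, textEntry) {
  const n = Number(textEntry);
  return rows.filter((r) => n !== 0 && r.assigned / n === r.expected);
}

// Review check 1: the gate only controls rendering. Every hint is already in
// the downloaded rows, readable without evaluating the condition at all.
function hintsWithoutPassword(rows) {
  return rows.map((r) => r.hint);
}

// Review check 2: the check and its inputs ship with the data, so the set of
// accepted entries can be computed offline. A result here means no secrecy.
function entriesThatUnlockEverything(rows, maxCandidate) {
  const hits = [];
  for (let n = 1; n <= maxCandidate; n++) {
    if (visibleRows(rows, String(n)).length === rows.length) hits.push(String(n));
  }
  return hits;
}

// Contrast: Row Owners style filtering happens before download, so rows that
// belong to someone else never reach the device.
function rowsSentToUser(rows, signedInEmail) {
  return rows.filter((r) => r.owner === signedInEmail);
}

console.log(visibleRows(downloadedRows, "7").length);            // gate closed
console.log(hintsWithoutPassword(downloadedRows));               // still readable
console.log(entriesThatUnlockEverything(downloadedRows, 9999));  // accepted entries
console.log(rowsSentToUser(downloadedRows, "a@example.com").length);
```

The first three functions operate only on data the device already has, which is the situation described in the post above; the last one models the server deciding what is sent at all.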

Thank you Jeff.
Thank you for your valuable analysis and appropriate suggestions.

1 Like