Is it safe to use chat/comments component?


The Chat and comments components require use of author EMAIL value.

Isn’t that a security/privacy risk?
As we can’t work with row owner columns with this component for obvious reasons…

If it was ROW ID of user wouldn’t it be better?

Else i was thinking about putting a disclaimer below chat: be mindful your email could be visible by everyone.

What do you think? is it safe to use chat/comments component?

Why wouldn’t you be able to work with row owners though? As long as you pass an email over the comments table you can use it?

I’m not sure I get the problem here, you can also use a roles setup for data privacy.

Found solution thanks to ThinhDinh in private chat.

ThinhDinh in DM:

You can just send a userID over and then use a relation + lookup to get the email

Computed columns are mostly calculated on the client’s side, so if anyone can “hack” your data, they can only get the ID, as far as I aware

Martin_B in DM:

Thanks Thinh. I did exactly that what you said…
Save user row ID instead of email and use a relation + look up to display message.

Remaining problem: as long as the user didn’t send a message in this conversation, all the messages are not identified (linked to a user name)… they all appear on the left side of chat view, and under one name…

Workaround=> A button “join chat”, activate visibility for the chat and adds automatically a message in the conversation “username… Just joined”… and then the user can see the chat with properly organised messages.

Can you explain more on this part?

I’m not sure how it is related, wouldn’t it be the same if they join the chat (all messages that are not theirs will be on the left)?

Yes :slight_smile:
But in this case, none are preceded by the username.
Just messages on the left.

What do you mean by “preceded by the username”? I think there’s something lost in translation here.