Most data is downloaded to the app, whether it’s visible to the user or not. If proper security of data isn’t used, then someone with the right knowledge and tools can see it. I’m not looking at his sheet. I’m looking at the data that was downloaded to my computer when I opened the app.
1 Like
how do you see data downloaded to your comp? i wanna check what is showing in my apps
I’d rather not share. I know how because I’m very familiar with web development. That kind of info is not good in the wrong hands.
2 Likes
If Jeff told you that, he’d have to kill you 
(seriously, this is not something that should be encouraged - people just need to be aware of the risks, and follow recommended best practices)
1 Like
ok Ill google it…
I suggest following what the Security Center recommends. Then you should be fine.
ok, i just need to see what is visible, so i can understand better how to protect it
I always assume that anything that is not protected behind a proper sign in process and any time Row Owners or Protected Columns are not properly used, then I will always assume that underlying data can be accessed.
so the best practice will be to assign unique ID to all users and do referrals to these numbers instead of emails? and use these numbers to attach to all posts and data that they provide and keep them in user-specific columns or owners rows
Well, that’s not true security. Someone could always connect the dots and figure out if a unique ID in one sheet matches a unique ID in a user sheet that contains Personally Identifiable Information (PII) of the user. Plus, that prevents you from being able to use row owners if you ever need it, since you would no longer have an email in the sheets. There’s nothing wrong with using IDs to link data, but don’t rely on it as a security feature.
I use keys to link all of my tables together, but I only do that as a way to properly link database relations through keys since the unique keys will never change. I do not use that method as a way of securing data, as it only slightly masks the data. It does not make it secure. Once somebody figures out your methods of hiding data, then you can’t stop them from exploiting it.
https://securitytrails.com/blog/security-through-obscurity
As always, follow Glide’s recommended practices for security. Not only for your sake, but for the sake of your users. You would never want to have to explain that you exposed all of their personal data because you took shortcuts to save a buck or make something easier. Even large companies make this mistake. If there is ANY data that you have in your app that you do not want exposed to any potential other users of the app…please remove that particular data or properly secure it as recommended.
This user found out the hard way that there is always someone out there that could potentially cause harm.
2 Likes
Great app !!
How did you create the promotional video?
so how to handle situation when i have customers data with emails, phones, addresses … and connecting them with vendors who also have same data base, my App need to filter them by distance , age and search preference… so now both data bases will be expose
Jeff, that’s next level scary and same time very helpful what you shared regarding protecting data. Did not know about it until you shared this screenshot.
Going ahead reading security guide. Thank you.
2 Likes
Also what is amazon discourse?
@Uzo That’s at your discretion. Read through and understand the documentation in the Security Center. I’m just trying to make people aware. Maybe you need to consider separating certain data into separate tables and utilize row owners on some of the tables that contain private data. Add terms and conditions for your users to understand and agree on the types of personal data they may be sharing. Does a user need to share any of their info with another user, or just a vendor. I would assume vendor information is public. With proper use of Row Owners, a user will always have access to their own data, but they won’t have access to anybody else’s data. If they choose to share it with a vendor, then there is nothing stopping them.
@shej If you are talking about the image source, Discourse is the company that drives this forum. I assume they use Amazon AWS to host the forum site. When I add an image into a post, it uploads it to the forum server.
2 Likes
so pretty much in my case there is nothing i can do to protect customers data, because App have to process that data to connect with vendor
I have seen that on my image source too. Guessing its built through Amazon servers?
@Uzo I would not say there isn’t anything you can do. I think it’s almost always possible to properly protect the data. You just need to think about how your app and data is structured. I don’t know how your app works so I can’t give an opinion on what you are trying to do. All I can say is just read through the documentation and try to understand it. I think it’s pretty thorough. And as mentioned in the documentation, any pro user can request a one on one security review. Also, you can always ask specific questions here if you are questioning if data in particular parts of your app is secure. Just always ask yourself, if it was your personal information on the app, can you be assured that your personal information will not be downloaded and accessed by another unknown user.
@shej yes Discourse forums are most likely hosted on Amazon servers. AWS is Amazon.
3 Likes
in that image from my App you post, you can access all cells ? and how to hide from you to access it and still be available for app to do calculations on that data?
sorry for taking your time…