Potential security issue: ability to clear users cache needed

Today I experienced a security flaw in one of my personal apps. I accidentally had a tab visible that should not have been visible to a portion of my end-users. I recognized this issue after a few hours of the initial build and immediately adjusted the tab visibility settings.

However, many users are still able to see that tab. I did some more testing, and noticed other issues. For example, I changed the app URL altogether but some users already had the app installed on their device and were able to open it up and sign in.

Is there anyway we could have some functionality for forcing a clear cache? Could something like clearing the app Logins sheets do this?

5 Likes

@Robert_Petitto I had a issue with a pro app which was installed mulitple times on my phone. It didn’t update when changes were made. The “refresh sheet” was set to “only on edit” but I had done many edits - and still - the apps didn’t update.

1 Like

I think related to this, is the issue that users have to sign in not just once but twice, to see all changes that have been made in the app after their last signin. I have no idea why but this has been consistently true when I have been testing. Also concerned about these cache issues since we rely so heavily on conditional visibility and filters and as evidenced by the filter deletion when sorting bug that happened a few days ago, they are not fool proof methods for data security. Publishing control also a big concern for me-strongly prefer ability to force new sign in when pushing so that changes are updated in the user’s app.

2 Likes

@Deena just for info. My pro app was setup up as public

1 Like

Same here. I login twice to see the updates.

2 Likes

@S_C @Deena Hm…I do not like it Sam I Am.

2 Likes

I too am having an issue. My app displays a photo from an external source. I have updated the photo on the external source and tested that it has been updated. However, my Glide App still shows the old photo. I have tried clearing the cache on my browser to no effect. Please help!

1 Like

Glide will cache images to make app loading more efficient. You may want to add a query parameter such as ?cachebust=12345 to the end of the url, so it’s recognized as a new url, but will still load the same image.

thanks for the suggestion but it did not work - still loading the same image…

Kim

Would you be willing to share the url and a screenshot of what the image is currently showing and what it should be?

Jeff - thanks for the reply.

i have removed the picker as it was messing up some people’s photos.

so after thinking about it, i think part of my problem is the process i use:

  1. i use importrange to pull registrations from our website
  2. i then use a formula to generate a URL based on the registrants / spouse names to pull photo from our member photo library (i.e. https://…/Pictures/Member%20Photos/Pollock,%20Kim%20_%20Shelly.JPG)
  3. That is the default photo that is displayed (if there is one).
  4. I added an image picker field from glide to update that field if attendees wanted to replace their default photo
  5. that works initially. however there is not a firm link between the uploaded photo and the record that it was linked to. when the registrants change (new / cancels), the uploaded photo randomly moves to another record.
  6. for now, i have removed the picker. it would have been nice to have.
  7. here is my app - https://eventapp.fmca4wheelers.com/
    kim

Are you using the importrange and then adding additional columns in the google sheet? If so, just like using a UNIQUE formula, you run the risk of data becoming misaligned because the data in the importrange is not directly linked to the row that contains the additional column data. I avoid doing things like this at all costs because it’s too easy to have corrupted data if things change and become misaligned. Instead I have used scripts in the past to only add new names to a sheet if the name doesn’t already exist. This was instead of using a UNIQUE formula to bring names into several other sheets. Using the script instead preserves the name in the row it was written to initially. I have since restructured my app and data so I don’t need to do that anymore, but it’s a safer way if you need it. If you are having the members sign in to change their info, the using user profiles would create a row for them automatically in a separate user profile sheet.

What I would do is have a separate sheet (new user profile sheet) that contains editable member data, such as the member photo. Allow that separate sheet to be edited by the user instead of the sheet that contains the imported member data. From here you can either display the imported members sheet and use a relation/lookup to pull in the updated photo from the user profile sheet, the use an If/Then column to determine which photo to display. Or you can display the user profile sheet and use a relation/lookup to pull in all the info from the imported sheet. Pick whichever method is easier to maintain.

1 Like

Jeff -

Thanks for the comments and suggestions. This misalignment is exactly what is happening. Our attendee registrations come from our website (a lot of reasons why that cannot change). we then use importrange to pull the registrations for this one event and I do add a new column for the photo link. but in this case, i am able to derive that link from the registration data (it is a combination of first and last names and spouse name). that part works with no misalignment. it was only when i tried to allow them to update their image using the app that i ran into problems.

I have removed the image picker field for now.

thanks again for the suggestions.

Kim

2 Likes