Where are you adding these lookups?
It may not have been obvious, but my suggestion was to create the lookups in the Glide table.
So when you are done with the “Public” sheet and you look at the Google Sheet - you will only see one column, which is the RowID with the arrayformula. All the rest will be computed columns that only exist in Glide.
You should be able to give those columns any name you like.
I’m not totally sure on that answer. I just go under the assumption that any data that is not behind row owners or a secure private login is susceptible to being snooped by a savvy user regardless if they can access that part of the app or not. I’m not sure at what level the database is cached on the user’s device, but I would assume that most, if not all, data is synced and downloaded to the device to provide speed and ease of use to the end user. Row owners prevent that download from happening for users that are not meant to see that data. Like you said security through obscurity is not security at all.
Case in point is the recent post where a fellow app builder was notified by an anonymous user that all user data was accessible through various techniques, even though it was not technically visible in the app ui.
Three questions…
Is it the glide editor or google sheet that downloads onto someone’s phone?
How can I have the email address column accessible and able to send emails for all business owners once they sign-in?
Do you know how long this data is cached? If I switch my public synced sheet to this more secure one, the old one might still be downloaded on some phones.
It’s the same data you would see in the glide data editor. All computed columns are always computed locally on the user’s device. Not on the glide servers.
Are the emails only supposed to be accessible to other business owners and not the public? What data needs to be protected?
I have no idea how long it’s cached or if the cache is cleared after a user signs out of the app. It could all depend on the browser. All websites cache data within the browser but I assume it’s updated when a user is using the app.
Yes, the email address, and two others actually should be secure or not accessible by the public (not sure if that is the same thing) But I would like the other business to access the name and email address column of other businesses for contact.
Are you making a distinction between users and contacts?
If not, then perhaps this is what you should consider. It’s generally good practice anyway.
A user email is associated with a user of the app. It’s what they use to login, and as a general rule it should be kept private (unless the user explicitly agrees otherwise).
A contact email can be associated with a user, or with a business. It might be a personal email address, but in many (most?) cases it won’t be. It’s usually something generic like contact@ or enquiries@. Contact email addresses in this context are almost by definition public, so you don’t have to worry about trying to secure them.
Some are public, ie. you can find on their websites, but some are private. I would like for businesses to contact each other if wanted. They already know they are part of this internal communication network.
Okay, but I would still recommend creating that separation between users and contacts.
Then you can allow your business owners to choose how they should be contacted, rather than it being fixed to their login email address.
Do you have businesses with multiple users of the app? If yes, how do you mange that currently? ie. Which one is used as the business contact? Are they all listed, or do you pick one?
I would suggest reading this thread from this point to the end. I think it explains a very similar problem with similar obstacles. There is a bit more technical explanation on why this is so hard to achieve.
Thanks!! I’m wondering how Instagram does it where you can email someone from their page, I guess they have their own security for that?
Do you know if I use another tool which pulls the information from the google sheet for businesses to be in contact, would have the same downloaded data problem as glide?
Instagram has a team of developers building a single app from homegrown code whereas Glide is an all in one solution that tries to cater to millions of different app types with easy to use no-code tools. I’m sure Instagram works quite differently and handles a lot more processing server side when it comes to security. I don’t know if it’s quite fair to compare the two in functionality.
I’m not familiar with other tools or how they work. Other than code development at my day job, Glide is the only no-code solution that I use in my spare time.
I guess we will have to wait for chat to become a feature for communication between users (also where you can choose which users have this feature), where emails won’t be needed. Thanks!