I have an app for an event where users run around in a ‘treasure hunt’ and enter the code they find at each station. If the code is correct it unlocks a clue for the next location and the process continues until they are finished.
I want users to install the app a few days before it starts (sign-in, create profile etc.). The problem is I have a column in the Glide table that stores the correct codes for each station. The app uses this column via an action with conditions to decide whether an answer is correct or not. It’s not available for anyone to see but if I understand correctly, any savvy user could theoretically inspect this column and look at the answers in the days leading up to the event.
I was hoping to protect this column and then unprotect it right before the game starts. Played around with row owners but that doesn’t seem to be the right approach? The codes are in a list, not an array that exists within a single row that could be protected.
In this situation, what would be the best way to set it up? And how easy is it to inspect the information held in the back end of a Glide app? I’m not tech savvy so don’t have the faintest idea how I might do it. Perhaps I don’t need to worry as 99% of users wouldn’t even think of doing this?
You can make the column ‘protected’ from within the data editor. This will hide the data from everyone because essentially you are telling Glide to not download that column in any way. Then right before the event starts go ahead and unprotect it.
For your use case I don’t think you have to worry about people inspecting your app… but the workaround I gave you is easy enough.
Thanks for your help, I saw a post about protected columns while searching the forum before I posted but there is no option to protect any columns in my app. I thought maybe the feature wasn’t carried across to the new Glide apps, or it could be missing due to the plan I’m on, which is not-for-profit
Instead of storing your codes as plain text, hash them using SHA256, and store those.
Then when a user enters a code, hash it on the fly and compare that to your stored value. If it matches then they’ve entered the correct code.
To discover the codes, a user would first need to get at the hashed values, and then find a way to reverse engineer them. And as far as I’m aware, SHA256 is a one way function.
You would probably just need to keep a separate list of the plain text codes (outside your App) in case you forget them.
Thanks Darren, that seems like a great idea and would bypass the need to change the app right before an event. What about image columns? For most clues there is an associated image - can they be encrypted as well?
I posted that before I watched your video - I used the same approach with the URL of an image and it produced a result. Would I then implement it the same way?
Oh right, silly question now that I think about it. As for how the images are used, if a user enters the correct code the app will give a text based clue for the next location with an associated image. The images vary from map screenshots to photos of nearby objects etc.
Okay, I suspected something like that.
That’s a little bit trickier, and you might have to use Eric’s idea of keeping the column protected until the day of the event. I would recommend testing that though, just to ensure that the rest of the App is functional with the column protected, and then works correctly once you unprotect it.
Right then, I’ll use your approach to encrypt the answer column as that’s the main one needing protection.
It’s probably not an issue but you never know, it’s a family event but a trial one I did was suprisingly competitive so I know the lengths some dads will go to gain an advantage
It would like to use protected columns in an app where for example employees should be able to see each other (without downloading each others social security number in the background) but in another app with the same employee table admins can see and edit their info including social security number.
Do you see another way to solve this? without external data sources or complicated syncing between tables using set column values
If you are ruling out the possibility of using a Google Sheet, then you cannot use Protected Columns.
Therefore, your best option would be:
In your first App, create a secondary users table without row owners, and without any columns that contain data that should be kept private. In other words, a Public Users table.
In your second App, all you really need to do is give your Admins ownership of all rows in the Users table.
I wasn’t aware of any limitations for protected columns. Are you sure it’s not there when you click the little arrow on the headers?
