Hi! In the Glide library on the page about “filters” it says this below – and I don’t really understand – what exactly is the security concern with filtered data?
Please note that filtering is not a security feature. If you use it, the app can still download filtered data. If your app has private or sensitive data then you should use Row Owners.
With filtering, the information is only hidden in the app user interface. For example:
My secret password is hidden below:
You can’t see it, but the data is still there. Clever people can figure out how to view any data your app downloads. If you use Row Owners, the data isn’t even downloaded, so nobody can see it no matter how clever they are.
Got it! I’d certainly rather use ‘row owners’ if it’s safer… but it seems more complicated. So I was kind of wondering how unsafe the filter option is… seems like it’s still pretty safe overall just maybe not something you want to use for highly sensitive data.
You could approach it as follows.
“If there were to be a data breach, or if the hidden data became unhidden and therefore viewable to unintended users, then would it be okay?”
Yes, it would be okay. Annoying or a shame from a user experience standpoint, but it would be okay. → Filtering could be used
No, it would definitely not be okay. Huge no-no. → Filtering cannot be used. Row owners must be used.
Thanks! That’s a helpful rubric.