Users able to bypass screens that they should not be able to see!

I have hidden some screens in my app to certain users, however it’s apparent that every so often users are able to slip through the cracks and access screens that they should not be able to see. They are also able to write data into the pages on these screens.

This is a huge red flag security-wise and has happened on at least 3 separate occasions. This is unacceptable and I’m concerned about the safety of Glide as a platform.

Need more information. How do you think they are accessing the screens? What have you done to restriction access to those screens? Are you utilizing any row owner data security?

I haven’t used row owners no. I’m using “filter by” and “email = signed in user”.

As an example, they have been able to complete their user row data but this shouldn’t be visible/possible until I’ve granted them access to do this. Based on the app permissions I’ve set up.

I have no idea how they’re accessing the screens as when I try to sign up and access the app and/or view screens based on the restricting criteria, I’m unable to. Similarly when I select “view as”, it doesn’t work. As I said, this issue doesn’t occur for every user but it does every so often.

Can you expand on this? I would imagine that there is maybe a second screen that you are missing or maybe your conditions do not catch all possible scenarios. Really hard to say without knowing details about your app flow and configurations. I would be more inclined to think that is something in your configuration as opposed to a Glide bug.

1 Like

Does the app have “required sign in” or “optional sign in”?

Required sign in… funny you should comment, I’m watching your video on securing data with row owners and following step by step! Very helpful and much appreciated.