Bad Actor tried to hack my site. I need security advice

Hey so I checked my analytics today and saw that someone tried to access a test page both on the live and test version of my site.

Nothing happened because the button didn’t have an active WF on it. But now I need info on the best way to protect my site.

I have privacy rules set up. But what else can I do?

When it comes to that test page, should I hide it from page load and just have the admin be able to see it or is that not enough?

You can’t block the Internet from coming to your door.

All you can do is make sure your site is protected. Just read some of the threads that @georgecollier has shared and it will give you some homework on how to protect your app’s data.

3 Likes

Element visibility is not part of the security model and has zero effect on a technical user.

  1. Configure server side redirects on all pages you don’t want to be accessible
  2. Have workflow conditions that check user’s role / permissions

Remember, all pages in your app can be listed in the developer console, so randomly naming pages so people won’t stumble across them isn’t security!

2 Likes
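The difference between hiding an element and enforcing access on the server, as an added example that is not part of the original thread and is not Bubble code: a generic plain-JavaScript sketch in which every function name, role value and markup string is a constructed assumption.

```javascript
// Added illustration (not Bubble code). All names and sample data are constructed.
const ADMIN_MARKUP = '<button id="run-test-workflow">Run test workflow</button>';

// Approach 1: the page is always served; the admin element is only hidden in the browser.
function serveWithHiddenElement(user) {
  const hidden = user.role === 'admin' ? '' : ' style="display:none"';
  return { status: 200, headers: {}, body: `<div${hidden}>${ADMIN_MARKUP}</div>` };
}

// Approach 2: the server decides before any page content is sent.
function serveWithServerRedirect(user) {
  if (user.role !== 'admin') {
    return { status: 302, headers: { Location: '/index' }, body: '' };
  }
  return { status: 200, headers: {}, body: `<div>${ADMIN_MARKUP}</div>` };
}

// Second layer: the action itself re-checks the role on the server,
// so a request that never went through the page is still refused.
function runTestWorkflow(user) {
  if (user.role !== 'admin') return { status: 403, ran: false };
  return { status: 200, ran: true };
}

// Check a site owner can apply to the raw response a non-admin receives:
// if the protected markup is in the body, it was delivered, hidden or not.
function leaksProtectedMarkup(response) {
  return response.body.includes('run-test-workflow');
}

const visitor = { role: 'visitor' };
const admin = { role: 'admin' };

console.log('hidden element leaks to visitor:',
  leaksProtectedMarkup(serveWithHiddenElement(visitor)));
console.log('server redirect leaks to visitor:',
  leaksProtectedMarkup(serveWithServerRedirect(visitor)));
console.log('visitor workflow call:', runTestWorkflow(visitor));
console.log('admin workflow call:', runTestWorkflow(admin));
```
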

I guess it’s time for me to finally read through this…

That’s good to know. I was surprised that someone found this page. But I see. Ya, I’ll make sure to change the conditions on test WF from now on.

A server side redirect is smart. Makes sense to make that action a server side thing. I’ll do that today.

Any specific post of yours I should look up for more security lessons?

Maybe scroll through here (topics view) and find something that interests you

1 Like

I’ll plug it for George because he’s too modest, but once you start adding more logic and complexity it’s very easy to lose track of your app’s security, so it’s good to use something like NQU Secure to keep an eye on any glaring vulnerabilities

4 Likes

Perhaps you’re already aware, but I just wanted to note that there’s also Flusk, Bubble’s security monitoring tool that’s available for all paid plans.

2 Likes

Yes, Flusk and NQU Secure both exist! The former is included in Bubble paid plans. NQU Secure is free.

I’m biased, but NQU Secure checks more stuff, produces more accurate, context-aware results (i.e. won’t flag a public ‘Blog’ data type just because it’s public), and is less of a pain in the ass to use.

Thanks for sharing @jake.bennett

2 Likes

…and while I’m sure it’s useful, is likely a big data hoover. :smirking_face: I haven’t used either, but NQU Secure sounds very nice. :slightly_smiling_face:

I respect that. I respect that you s/o his product for him. Then I respect that @georgecollier obviously cares about people more than he cares about praise, to be humble enough not to plug himself.

I appreciate it!

So how do you do a server side redirect? I’m taking a look now and don’t see a redirect option in the backend.

When page is loaded and Current User’s Role <> Admin, Go to page index, for example.

The manual will help you out here: Page security | Bubble Docs

Oh I know how to do that. When you said server side I thought you meant that WF but in the backend.