Working on an app and I want to be able to create unique pages within the app that can be shared publicly. In my case it’s condition reports, but think of how you can publish Notion pages or send an invoice via HubSpot.
I know how to do this technically, or at least one way (with a unique page + page data from the URL + allow non-logged in users to view), BUT are there any security concerns/best practices for this kind of functionality?
This will be my first time doing this in Bubble, so curious if anyone has any advice.
SECURITY
Secure data that shouldn’t be shown for an un-authenticated user, using privacy rules.
Ensure the fields that only need to be shown are included in your rule for authenticated users (i.e. don’t click “View all fields” if you don’t need to).
Consider adding a new data type on the Thing (e.g. a field named “public?” yes/no) to control its public visibility. It will enable you to control whether certain records are available or not to unauthenticated users.
(If doing this, then tighten privacy rules further to only show data for the Thing when it’s marked “Yes”.)
Consider SEO and bots crawling this page (which they are now able to). Do you want them to find it? Consider excluding it in your sitemap etc. if not.
AESTHETICS
As the link is hopefully being shared externally, I would put some time into making sure the page’s metadata looks right, has an image etc. IMHO this soft stuff matters for UX.
Maybe think about setting a “slug” so the URL is more user friendly.
Obviously more general security practices apply too that aren’t just limited to this use case, e.g. securing your workflows where applicable with conditions, making use of “terminate this workflow” and others as documented in the manual and on the forum of late.
Hope it helps. Look forward to hearing the contributions of others.