2023-11-08: I *think* I got it back up now.
2023-10-31: fix for API
2023-10-27: demo is back up.
2023-10-19: demo is down – I ran out of cloud credits. I’ll try to put it back up this weekend
2023-10-18: added demo and link
Try your luck here: rico.wtf (it’s a bit unstable and I haven’t ironed out all the sharp edges yet)
Ever wonder what your db looks like in one of those fancy db visualizers?
Drop me your Bubble app’s url and I’ll generate one.
I mean, if just knowing the DB structure allows someone to hack an app then something else has gone wrong in the app’s development, but generally yes, not publicising the DB structure would make it more difficult to find exploits.
I think it’s a bigger issue that endpoints are exposed in meta, and it even tells you which don’t require authentication. Just search for “auth_unecessary”: true and all of those endpoints are fair game for a hacker to have a go with!
In addition to your DB, you can also find your APIs, your API keys (if public) your password limit, your client side workflows, and a lot more.
I recently put together a security course that goes deep into this, and how to prevent other venerabilities in your app.
For the most part, the public data that is exposed, won’t hurt your app. But it’s unsettling, that’s for sure.