I built an interface for managing orders on my site, and obviously I want to be careful about setting the interface up in a way where someone can gain access to it. So, I’m running it on a separate page that loads invisible, and only shows after the correct password is entered.
This means that the password is exposed in the workflows, and I was wondering if there is a way for any user to view the workflow information, and potentially gain access where I don’t want them?
I’m guessing there may be a wholly better way to address this issue, but any insight or advice is appreciated.
Stop using a password in your workflows. All workflow logic is downloaded to the browser, so anyone can find it. The standard way to do this is with User Roles and Privacy Rules.
Make a roles field inside User and/or something else, like attaching the user to the things it has access to.
And in privacy rules, have a condition that, when validated, gives the user access.
Normal users can’t view your Bubble workflows the way you can in the editor. Only collaborators who have access to the app in Bubble can see workflow logic. So a random visitor won’t open a “workflows panel” and read it.
That said, hiding an admin interface behind a “password input + show group” is not real security. Anything that runs on the page can be bypassed (and if the password is hardcoded anywhere client-side, you should assume it can be discovered eventually).
The better approach is: use Bubble authentication + roles, and lock it down with privacy rules. Make the page accessible only when Current User is logged in and Current User’s role is Admin (otherwise redirect). Then also restrict the actual Order data with privacy rules so even if someone guesses the page URL, they still can’t read or edit anything.
If you want an extra layer, keep all “admin actions” in backend workflows and only allow them to run for admins (or run them with server-side checks). That way the security is enforced on the server, not just by what’s visible on the page.
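The difference the replies describe, between hiding the admin group on the page and enforcing access on the server, as an added example that is not part of the thread and is not Bubble's own code. It is a plain JavaScript model; the function names, routes and sample records are all hypothetical and constructed for illustration.

```javascript
// Constructed sample data (not from the thread).
const orders = [
  { id: 1, customer: "alice", total: 40 },
  { id: 2, customer: "bob", total: 15 },
];
const users = {
  admin: { name: "site-owner", role: "Admin" },
  alice: { name: "alice", role: "Customer" },
};

// Weak pattern: the server hands every order to any caller and relies on the
// page keeping the admin group hidden until a password matches.
function weakFetchOrders(_currentUser) {
  return orders; // no server-side check, so hiding the UI protects nothing
}

// Privacy-rule model: the server decides which records each user may read.
function fetchOrders(currentUser) {
  if (!currentUser) return []; // not logged in: no data at all
  if (currentUser.role === "Admin") return orders;
  return orders.filter((o) => o.customer === currentUser.name);
}

// Backend-workflow model: the admin action re-checks the role on the server,
// regardless of which page or button triggered it.
function cancelOrder(currentUser, orderId) {
  if (!currentUser || currentUser.role !== "Admin") {
    return { ok: false, error: "forbidden" };
  }
  const order = orders.find((o) => o.id === orderId);
  if (!order) return { ok: false, error: "not found" };
  order.status = "cancelled";
  return { ok: true, order };
}

// Page-load model: redirect unless the current user is a logged-in Admin.
// This is a convenience only; the two functions above are the real control.
function adminPageRoute(currentUser) {
  return currentUser && currentUser.role === "Admin" ? "/admin-orders" : "/login";
}
```

Even if the redirect in `adminPageRoute` were skipped, `fetchOrders` and `cancelOrder` still refuse a non-admin, which is the property the password-and-hidden-group setup lacks.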