Hello,
I recently learned that web addresses my app assigns to users are really assigned by Bubble using unique ids.
I want to learn if this creates vulnerabilities for me and the customers I serve. For example, let’s assume that all urls follow the same format, e.g.:
https://www.domain.com/folder/1234567x34508943
It would seem to me that if a script were created you could run it to check all combinations possible as this would be easy to do. If successful, the results would let a hacker know:
How many customers the app has
telephone numbers
location
names
and so on…
The hacker could then sell this information forward or even do something bad.
I’m concerned about how vulnerable this is and what measures can be taken to counter it.
Would really appreciate hearing more on the subject.
Thanks
John