How does bubble give security on database from being modified to a different value than pretended?

I was reading about database privacy settings, and it seems to restrict users who cannot see certain content of database.

But what about deleting/modifying database? is it possible that a hacker changes the values? how does bubble prevent this?

Say… if i give X “skill points” for a player, a hacker may increase that value to more… Or does bubble execute all the instructions only on server side?

Is there a way i can prevent unauthorized modifications/deletion, if there are any?

You can manage privacy in the Data Tab.

Thank you for answering, i already knew about the privacy options that allows to make data restricted to some users.

Although my problem is not that one. I want the data to be seen by all, but not modified as users want it too.

Such as the example of giving experience to players: They can see the experience/level status of him and other players, but they mustn’t be allowed to delete or modify it freely by client side.

Is this a problem at all, or does bubble get me protected by this type of “hacking”?

My understanding is that users can’t change data unless you have a workflow that allows them to. And, if they were to try to “hack” the workflow and have it edit another user or another field, for example, that wouldn’t work because Bubble verifies the logic again server side before updating the database. In other words, this is locked down pretty well.

So, if you want to prevent people from changing data for other users, all you have to do is make sure you don’t add a workflow that allows them to do so.

2 Likes

Ohh thank you for clarifying!
So a workflow like this is totally secure, right?:


this user. experience = this.user. experience + do search for mission X’s experience

only when: do search for mission X’s status’s is completed


delete search for mission X

yes it is.

2 Likes

This topic was automatically closed after 70 days. New replies are no longer allowed.